# Flog Txt Version 1 # Analyzer Version: 4.3.0 # Analyzer Build Date: Sep 20 2021 05:59:55 # Log Creation Date: 27.09.2021 18:06:40.961 Process: id = "1" image_name = "9ff6781bac4d77465a973def710d9619cfa7fc6fe16a78225b7e22d3a89d0be0.exe" filename = "c:\\users\\rdhj0cnfevzx\\desktop\\9ff6781bac4d77465a973def710d9619cfa7fc6fe16a78225b7e22d3a89d0be0.exe" page_root = "0x47234000" os_pid = "0x4d0" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "analysis_target" parent_id = "0" os_parent_pid = "0x664" cmd_line = "\"C:\\Users\\RDhJ0CNFevzX\\Desktop\\9ff6781bac4d77465a973def710d9619cfa7fc6fe16a78225b7e22d3a89d0be0.exe\" " cur_dir = "C:\\Users\\RDhJ0CNFevzX\\Desktop\\" os_username = "XC64ZB\\RDhJ0CNFevzX" bitness = "32" os_groups = "XC64ZB\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000fd44" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 118 start_va = 0x10000 end_va = 0x2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 119 start_va = 0x30000 end_va = 0x31fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 120 start_va = 0x40000 end_va = 0x54fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 121 start_va = 0x60000 end_va = 0x9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000060000" filename = "" Region: id = 122 start_va = 0xa0000 end_va = 0x19ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000a0000" filename = "" Region: id = 123 start_va = 0x1a0000 end_va = 0x1a3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001a0000" filename = "" Region: id = 124 start_va = 0x1b0000 end_va = 0x1b0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001b0000" filename = "" Region: id = 125 start_va = 0x1c0000 end_va = 0x1c1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 126 start_va = 0x200000 end_va = 0x3fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000200000" filename = "" Region: id = 127 start_va = 0x400000 end_va = 0x437fff monitored = 1 entry_point = 0x40312a region_type = mapped_file name = "9ff6781bac4d77465a973def710d9619cfa7fc6fe16a78225b7e22d3a89d0be0.exe" filename = "\\Users\\RDhJ0CNFevzX\\Desktop\\9ff6781bac4d77465a973def710d9619cfa7fc6fe16a78225b7e22d3a89d0be0.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\9ff6781bac4d77465a973def710d9619cfa7fc6fe16a78225b7e22d3a89d0be0.exe") Region: id = 128 start_va = 0x77260000 end_va = 0x773dafff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 129 start_va = 0x7ffb0000 end_va = 0x7ffd2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ffb0000" filename = "" Region: id = 130 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 131 start_va = 0x7fff0000 end_va = 0x7ffc5f80ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 132 start_va = 0x7ffc5f810000 end_va = 0x7ffc5f9d0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 133 start_va = 0x7ffc5f9d1000 end_va = 0x7ffffffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ffc5f9d1000" filename = "" Region: id = 271 start_va = 0x1d0000 end_va = 0x1dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001d0000" filename = "" Region: id = 272 start_va = 0x62ee0000 end_va = 0x62f2ffff monitored = 0 entry_point = 0x62ef8180 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 273 start_va = 0x62f30000 end_va = 0x62fa9fff monitored = 0 entry_point = 0x62f43290 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 274 start_va = 0x74530000 end_va = 0x7460ffff monitored = 0 entry_point = 0x74543980 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 275 start_va = 0x62fb0000 end_va = 0x62fb7fff monitored = 0 entry_point = 0x62fb17c0 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 276 start_va = 0x440000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000440000" filename = "" Region: id = 277 start_va = 0x74530000 end_va = 0x7460ffff monitored = 0 entry_point = 0x74543980 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 278 start_va = 0x76c20000 end_va = 0x76d9dfff monitored = 0 entry_point = 0x76cd1b90 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 279 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 280 start_va = 0x7feb0000 end_va = 0x7ffaffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007feb0000" filename = "" Region: id = 281 start_va = 0x550000 end_va = 0x60dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 282 start_va = 0x73ee0000 end_va = 0x73f71fff monitored = 0 entry_point = 0x73f20380 region_type = mapped_file name = "apphelp.dll" filename = "\\Windows\\SysWOW64\\apphelp.dll" (normalized: "c:\\windows\\syswow64\\apphelp.dll") Region: id = 283 start_va = 0x7fb00000 end_va = 0x7fea0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sysmain.sdb" filename = "\\Windows\\AppPatch\\sysmain.sdb" (normalized: "c:\\windows\\apppatch\\sysmain.sdb") Region: id = 284 start_va = 0x20000 end_va = 0x23fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 285 start_va = 0x76300000 end_va = 0x76446fff monitored = 0 entry_point = 0x76311cf0 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 286 start_va = 0x76010000 end_va = 0x7615efff monitored = 0 entry_point = 0x760c6820 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 287 start_va = 0x610000 end_va = 0x64ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 288 start_va = 0x650000 end_va = 0x74ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000650000" filename = "" Region: id = 289 start_va = 0x74a90000 end_va = 0x75e8efff monitored = 0 entry_point = 0x74c4b990 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\SysWOW64\\shell32.dll" (normalized: "c:\\windows\\syswow64\\shell32.dll") Region: id = 290 start_va = 0x74290000 end_va = 0x7434dfff monitored = 0 entry_point = 0x742c5630 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 291 start_va = 0x76fb0000 end_va = 0x76fe6fff monitored = 0 entry_point = 0x76fb3b50 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\SysWOW64\\cfgmgr32.dll" (normalized: "c:\\windows\\syswow64\\cfgmgr32.dll") Region: id = 292 start_va = 0x764b0000 end_va = 0x769a8fff monitored = 0 entry_point = 0x766b7610 region_type = mapped_file name = "windows.storage.dll" filename = "\\Windows\\SysWOW64\\windows.storage.dll" (normalized: "c:\\windows\\syswow64\\windows.storage.dll") Region: id = 293 start_va = 0x76da0000 end_va = 0x76f5cfff monitored = 0 entry_point = 0x76e82a10 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\SysWOW64\\combase.dll" (normalized: "c:\\windows\\syswow64\\combase.dll") Region: id = 294 start_va = 0x75f60000 end_va = 0x7600cfff monitored = 0 entry_point = 0x75f74f00 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 295 start_va = 0x73f90000 end_va = 0x73fadfff monitored = 0 entry_point = 0x73f9b640 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 296 start_va = 0x73f80000 end_va = 0x73f89fff monitored = 0 entry_point = 0x73f82a00 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 297 start_va = 0x75ef0000 end_va = 0x75f47fff monitored = 0 entry_point = 0x75f325c0 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\SysWOW64\\bcryptprimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll") Region: id = 298 start_va = 0x74a40000 end_va = 0x74a83fff monitored = 0 entry_point = 0x74a59d80 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 299 start_va = 0x76a90000 end_va = 0x76b0afff monitored = 0 entry_point = 0x76aae970 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll") Region: id = 300 start_va = 0x76f60000 end_va = 0x76fa4fff monitored = 0 entry_point = 0x76f7de90 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\SysWOW64\\shlwapi.dll" (normalized: "c:\\windows\\syswow64\\shlwapi.dll") Region: id = 301 start_va = 0x74350000 end_va = 0x7435bfff monitored = 0 entry_point = 0x74353930 region_type = mapped_file name = "kernel.appcore.dll" filename = "\\Windows\\SysWOW64\\kernel.appcore.dll" (normalized: "c:\\windows\\syswow64\\kernel.appcore.dll") Region: id = 302 start_va = 0x77180000 end_va = 0x7720cfff monitored = 0 entry_point = 0x771c9b90 region_type = mapped_file name = "shcore.dll" filename = "\\Windows\\SysWOW64\\SHCore.dll" (normalized: "c:\\windows\\syswow64\\shcore.dll") Region: id = 303 start_va = 0x77210000 end_va = 0x77253fff monitored = 0 entry_point = 0x77217410 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\SysWOW64\\powrprof.dll" (normalized: "c:\\windows\\syswow64\\powrprof.dll") Region: id = 304 start_va = 0x75f50000 end_va = 0x75f5efff monitored = 0 entry_point = 0x75f52e40 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\SysWOW64\\profapi.dll" (normalized: "c:\\windows\\syswow64\\profapi.dll") Region: id = 305 start_va = 0x76b10000 end_va = 0x76bfafff monitored = 0 entry_point = 0x76b4d650 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\SysWOW64\\ole32.dll" (normalized: "c:\\windows\\syswow64\\ole32.dll") Region: id = 306 start_va = 0x6c340000 end_va = 0x6c3d1fff monitored = 0 entry_point = 0x6c34dd60 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\WinSxS\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10586.0_none_811bc0006c44242b\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10586.0_none_811bc0006c44242b\\comctl32.dll") Region: id = 307 start_va = 0x750000 end_va = 0x8d7fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000750000" filename = "" Region: id = 308 start_va = 0x8e0000 end_va = 0x909fff monitored = 0 entry_point = 0x8e5680 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 309 start_va = 0x77150000 end_va = 0x7717afff monitored = 0 entry_point = 0x77155680 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 310 start_va = 0x30000 end_va = 0x30fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 311 start_va = 0x1e0000 end_va = 0x1e0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001e0000" filename = "" Region: id = 312 start_va = 0x8e0000 end_va = 0xa60fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000008e0000" filename = "" Region: id = 313 start_va = 0xa70000 end_va = 0x1e6ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000a70000" filename = "" Region: id = 314 start_va = 0x1e70000 end_va = 0x200ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e70000" filename = "" Region: id = 315 start_va = 0x1e70000 end_va = 0x1fdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e70000" filename = "" Region: id = 316 start_va = 0x2000000 end_va = 0x200ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002000000" filename = "" Region: id = 317 start_va = 0x1e70000 end_va = 0x1f00fff monitored = 0 entry_point = 0x1ea8cf0 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\SysWOW64\\oleaut32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll") Region: id = 318 start_va = 0x1fd0000 end_va = 0x1fdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001fd0000" filename = "" Region: id = 319 start_va = 0x70040000 end_va = 0x700b4fff monitored = 0 entry_point = 0x70079a60 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\SysWOW64\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll") Region: id = 320 start_va = 0x1e70000 end_va = 0x1f8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e70000" filename = "" Region: id = 321 start_va = 0x70020000 end_va = 0x70038fff monitored = 0 entry_point = 0x700247e0 region_type = mapped_file name = "userenv.dll" filename = "\\Windows\\SysWOW64\\userenv.dll" (normalized: "c:\\windows\\syswow64\\userenv.dll") Region: id = 322 start_va = 0x74620000 end_va = 0x74a2afff monitored = 0 entry_point = 0x7464adf0 region_type = mapped_file name = "setupapi.dll" filename = "\\Windows\\SysWOW64\\setupapi.dll" (normalized: "c:\\windows\\syswow64\\setupapi.dll") Region: id = 323 start_va = 0x71f20000 end_va = 0x7206afff monitored = 0 entry_point = 0x71f81660 region_type = mapped_file name = "propsys.dll" filename = "\\Windows\\SysWOW64\\propsys.dll" (normalized: "c:\\windows\\syswow64\\propsys.dll") Region: id = 324 start_va = 0x743f0000 end_va = 0x74481fff monitored = 0 entry_point = 0x74428cf0 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\SysWOW64\\oleaut32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll") Region: id = 325 start_va = 0x6f880000 end_va = 0x6f89cfff monitored = 0 entry_point = 0x6f883b10 region_type = mapped_file name = "dwmapi.dll" filename = "\\Windows\\SysWOW64\\dwmapi.dll" (normalized: "c:\\windows\\syswow64\\dwmapi.dll") Region: id = 326 start_va = 0x6c580000 end_va = 0x6c5d3fff monitored = 0 entry_point = 0x6c59dc50 region_type = mapped_file name = "oleacc.dll" filename = "\\Windows\\SysWOW64\\oleacc.dll" (normalized: "c:\\windows\\syswow64\\oleacc.dll") Region: id = 327 start_va = 0x1f0000 end_va = 0x1f1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "oleaccrc.dll" filename = "\\Windows\\SysWOW64\\oleaccrc.dll" (normalized: "c:\\windows\\syswow64\\oleaccrc.dll") Region: id = 328 start_va = 0x74360000 end_va = 0x743e3fff monitored = 0 entry_point = 0x74386220 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\SysWOW64\\clbcatq.dll" (normalized: "c:\\windows\\syswow64\\clbcatq.dll") Region: id = 329 start_va = 0x6c570000 end_va = 0x6c577fff monitored = 0 entry_point = 0x6c5717b0 region_type = mapped_file name = "version.dll" filename = "\\Windows\\SysWOW64\\version.dll" (normalized: "c:\\windows\\syswow64\\version.dll") Region: id = 330 start_va = 0x6c560000 end_va = 0x6c565fff monitored = 0 entry_point = 0x6c561570 region_type = mapped_file name = "shfolder.dll" filename = "\\Windows\\SysWOW64\\shfolder.dll" (normalized: "c:\\windows\\syswow64\\shfolder.dll") Region: id = 331 start_va = 0x440000 end_va = 0x440fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000440000" filename = "" Region: id = 332 start_va = 0x450000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000450000" filename = "" Region: id = 333 start_va = 0x2010000 end_va = 0x2346fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 334 start_va = 0x1e70000 end_va = 0x1eaffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e70000" filename = "" Region: id = 335 start_va = 0x1f80000 end_va = 0x1f8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001f80000" filename = "" Region: id = 336 start_va = 0x2350000 end_va = 0x244ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002350000" filename = "" Region: id = 337 start_va = 0x1eb0000 end_va = 0x1eb0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001eb0000" filename = "" Region: id = 338 start_va = 0x1ec0000 end_va = 0x1ec0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001ec0000" filename = "" Region: id = 339 start_va = 0x1ed0000 end_va = 0x1ed3fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "cversions.1.db" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\Caches\\cversions.1.db" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\caches\\cversions.1.db") Region: id = 340 start_va = 0x1ee0000 end_va = 0x1ef2fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x000000000000000a.db" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\Caches\\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x000000000000000a.db" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\caches\\{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x000000000000000a.db") Region: id = 341 start_va = 0x1f00000 end_va = 0x1f00fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001f00000" filename = "" Region: id = 342 start_va = 0x1f10000 end_va = 0x1f4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001f10000" filename = "" Region: id = 343 start_va = 0x2450000 end_va = 0x254ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002450000" filename = "" Region: id = 344 start_va = 0x6c4d0000 end_va = 0x6c550fff monitored = 0 entry_point = 0x6c4d6310 region_type = mapped_file name = "riched20.dll" filename = "\\Windows\\SysWOW64\\riched20.dll" (normalized: "c:\\windows\\syswow64\\riched20.dll") Region: id = 345 start_va = 0x6c4b0000 end_va = 0x6c4c5fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\SysWOW64\\usp10.dll" (normalized: "c:\\windows\\syswow64\\usp10.dll") Region: id = 346 start_va = 0x6c470000 end_va = 0x6c4a0fff monitored = 0 entry_point = 0x6c4822d0 region_type = mapped_file name = "msls31.dll" filename = "\\Windows\\SysWOW64\\msls31.dll" (normalized: "c:\\windows\\syswow64\\msls31.dll") Region: id = 347 start_va = 0x1ed0000 end_va = 0x1ed3fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001ed0000" filename = "" Region: id = 348 start_va = 0x74120000 end_va = 0x7423efff monitored = 0 entry_point = 0x74165980 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll") Region: id = 349 start_va = 0x1f50000 end_va = 0x1f50fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001f50000" filename = "" Region: id = 350 start_va = 0x2550000 end_va = 0x260bfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002550000" filename = "" Region: id = 351 start_va = 0x1f50000 end_va = 0x1f53fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001f50000" filename = "" Region: id = 352 start_va = 0x1f60000 end_va = 0x1f61fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001f60000" filename = "" Region: id = 353 start_va = 0x1f70000 end_va = 0x1f70fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001f70000" filename = "" Region: id = 354 start_va = 0x1f90000 end_va = 0x1f94fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "user32.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\user32.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\user32.dll.mui") Region: id = 355 start_va = 0x1fa0000 end_va = 0x1fabfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001fa0000" filename = "" Region: id = 356 start_va = 0x6c460000 end_va = 0x6c46ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "sbolbwplhfo.dll" filename = "\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nss3BF.tmp\\sbolbwplhfo.dll" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\nss3bf.tmp\\sbolbwplhfo.dll") Region: id = 357 start_va = 0x1fa0000 end_va = 0x1fa0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001fa0000" filename = "" Region: id = 358 start_va = 0x6c3f0000 end_va = 0x6c456fff monitored = 0 entry_point = 0x6c405a00 region_type = mapped_file name = "winspool.drv" filename = "\\Windows\\SysWOW64\\winspool.drv" (normalized: "c:\\windows\\syswow64\\winspool.drv") Region: id = 359 start_va = 0x6c260000 end_va = 0x6c2defff monitored = 0 entry_point = 0x6c26ef20 region_type = mapped_file name = "mscms.dll" filename = "\\Windows\\SysWOW64\\mscms.dll" (normalized: "c:\\windows\\syswow64\\mscms.dll") Region: id = 360 start_va = 0x6c2e0000 end_va = 0x6c2f9fff monitored = 0 entry_point = 0x6c2e3820 region_type = mapped_file name = "mapi32.dll" filename = "\\Windows\\SysWOW64\\mapi32.dll" (normalized: "c:\\windows\\syswow64\\mapi32.dll") Region: id = 361 start_va = 0x6c300000 end_va = 0x6c31efff monitored = 0 entry_point = 0x6c309820 region_type = mapped_file name = "loadperf.dll" filename = "\\Windows\\SysWOW64\\loadperf.dll" (normalized: "c:\\windows\\syswow64\\loadperf.dll") Region: id = 362 start_va = 0x73c30000 end_va = 0x73c4afff monitored = 0 entry_point = 0x73c39050 region_type = mapped_file name = "bcrypt.dll" filename = "\\Windows\\SysWOW64\\bcrypt.dll" (normalized: "c:\\windows\\syswow64\\bcrypt.dll") Region: id = 363 start_va = 0x2610000 end_va = 0xe4ccfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002610000" filename = "" Region: id = 364 start_va = 0xe4d0000 end_va = 0xe515fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e4d0000" filename = "" Region: id = 381 start_va = 0xe520000 end_va = 0xe698fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e520000" filename = "" Region: id = 382 start_va = 0xe6a0000 end_va = 0xe81afff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e6a0000" filename = "" Region: id = 384 start_va = 0xe520000 end_va = 0xe698fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e520000" filename = "" Region: id = 385 start_va = 0xe6a0000 end_va = 0xe81afff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e6a0000" filename = "" Region: id = 386 start_va = 0xe520000 end_va = 0xe698fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e520000" filename = "" Region: id = 387 start_va = 0xe6a0000 end_va = 0xe81afff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e6a0000" filename = "" Region: id = 388 start_va = 0xe520000 end_va = 0xe698fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e520000" filename = "" Region: id = 389 start_va = 0xe6a0000 end_va = 0xe81afff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e6a0000" filename = "" Region: id = 390 start_va = 0xe520000 end_va = 0xe698fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e520000" filename = "" Region: id = 391 start_va = 0xe6a0000 end_va = 0xe81afff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e6a0000" filename = "" Region: id = 392 start_va = 0xe520000 end_va = 0xe698fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e520000" filename = "" Region: id = 393 start_va = 0xe6a0000 end_va = 0xe81afff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e6a0000" filename = "" Region: id = 394 start_va = 0xe520000 end_va = 0xe698fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e520000" filename = "" Region: id = 395 start_va = 0xe6a0000 end_va = 0xe81afff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e6a0000" filename = "" Region: id = 396 start_va = 0xe520000 end_va = 0xe698fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e520000" filename = "" Region: id = 397 start_va = 0xe6a0000 end_va = 0xe81afff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e6a0000" filename = "" Region: id = 398 start_va = 0xe520000 end_va = 0xe698fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e520000" filename = "" Region: id = 399 start_va = 0xe6a0000 end_va = 0xe81afff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e6a0000" filename = "" Thread: id = 1 os_tid = 0x4b0 [0085.672] SetErrorMode (uMode=0x8001) returned 0x0 [0085.687] GetVersion () returned 0x23f00206 [0085.687] GetModuleHandleA (lpModuleName="KERNEL32") returned 0x74530000 [0085.687] GetProcAddress (hModule=0x74530000, lpProcName="SetDefaultDllDirectories") returned 0x76d56270 [0085.687] SetDefaultDllDirectories (DirectoryFlags=0xc00) returned 1 [0085.687] GetSystemDirectoryA (in: lpBuffer=0x19fcc4, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0085.688] wsprintfA (in: param_1=0x19fcd7, param_2="%s%s.dll" | out: param_1="\\UXTHEME.dll") returned 12 [0085.688] LoadLibraryExA (lpLibFileName="C:\\Windows\\system32\\UXTHEME.dll", hFile=0x0, dwFlags=0x8) returned 0x70040000 [0086.600] lstrlenA (lpString="UXTHEME") returned 7 [0086.600] GetSystemDirectoryA (in: lpBuffer=0x19fcc4, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0086.601] wsprintfA (in: param_1=0x19fcd7, param_2="%s%s.dll" | out: param_1="\\USERENV.dll") returned 12 [0086.601] LoadLibraryExA (lpLibFileName="C:\\Windows\\system32\\USERENV.dll", hFile=0x0, dwFlags=0x8) returned 0x70020000 [0086.925] lstrlenA (lpString="USERENV") returned 7 [0086.925] GetSystemDirectoryA (in: lpBuffer=0x19fcc4, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0086.925] wsprintfA (in: param_1=0x19fcd7, param_2="%s%s.dll" | out: param_1="\\SETUPAPI.dll") returned 13 [0086.925] LoadLibraryExA (lpLibFileName="C:\\Windows\\system32\\SETUPAPI.dll", hFile=0x0, dwFlags=0x8) returned 0x74620000 [0087.469] lstrlenA (lpString="SETUPAPI") returned 8 [0087.469] GetSystemDirectoryA (in: lpBuffer=0x19fcc4, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0087.469] wsprintfA (in: param_1=0x19fcd7, param_2="%s%s.dll" | out: param_1="\\APPHELP.dll") returned 12 [0087.469] LoadLibraryExA (lpLibFileName="C:\\Windows\\system32\\APPHELP.dll", hFile=0x0, dwFlags=0x8) returned 0x73ee0000 [0087.469] lstrlenA (lpString="APPHELP") returned 7 [0087.469] GetSystemDirectoryA (in: lpBuffer=0x19fcc4, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0087.469] wsprintfA (in: param_1=0x19fcd7, param_2="%s%s.dll" | out: param_1="\\PROPSYS.dll") returned 12 [0087.469] LoadLibraryExA (lpLibFileName="C:\\Windows\\system32\\PROPSYS.dll", hFile=0x0, dwFlags=0x8) returned 0x71f20000 [0088.011] lstrlenA (lpString="PROPSYS") returned 7 [0088.011] GetSystemDirectoryA (in: lpBuffer=0x19fcc4, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0088.011] wsprintfA (in: param_1=0x19fcd7, param_2="%s%s.dll" | out: param_1="\\DWMAPI.dll") returned 11 [0088.011] LoadLibraryExA (lpLibFileName="C:\\Windows\\system32\\DWMAPI.dll", hFile=0x0, dwFlags=0x8) returned 0x6f880000 [0088.479] lstrlenA (lpString="DWMAPI") returned 6 [0088.479] GetSystemDirectoryA (in: lpBuffer=0x19fcc4, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0088.480] wsprintfA (in: param_1=0x19fcd7, param_2="%s%s.dll" | out: param_1="\\CRYPTBASE.dll") returned 14 [0088.480] LoadLibraryExA (lpLibFileName="C:\\Windows\\system32\\CRYPTBASE.dll", hFile=0x0, dwFlags=0x8) returned 0x73f80000 [0088.480] lstrlenA (lpString="CRYPTBASE") returned 9 [0088.480] GetSystemDirectoryA (in: lpBuffer=0x19fcc4, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0088.480] wsprintfA (in: param_1=0x19fcd7, param_2="%s%s.dll" | out: param_1="\\OLEACC.dll") returned 11 [0088.480] LoadLibraryExA (lpLibFileName="C:\\Windows\\system32\\OLEACC.dll", hFile=0x0, dwFlags=0x8) returned 0x6c580000 [0089.280] lstrlenA (lpString="OLEACC") returned 6 [0089.280] GetSystemDirectoryA (in: lpBuffer=0x19fcc4, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0089.280] wsprintfA (in: param_1=0x19fcd7, param_2="%s%s.dll" | out: param_1="\\CLBCATQ.dll") returned 12 [0089.280] LoadLibraryExA (lpLibFileName="C:\\Windows\\system32\\CLBCATQ.dll", hFile=0x0, dwFlags=0x8) returned 0x74360000 [0089.668] lstrlenA (lpString="CLBCATQ") returned 7 [0089.668] GetModuleHandleA (lpModuleName="VERSION") returned 0x0 [0089.668] GetSystemDirectoryA (in: lpBuffer=0x19fcb4, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0089.668] wsprintfA (in: param_1=0x19fcc7, param_2="%s%s.dll" | out: param_1="\\VERSION.dll") returned 12 [0089.668] LoadLibraryExA (lpLibFileName="C:\\Windows\\system32\\VERSION.dll", hFile=0x0, dwFlags=0x8) returned 0x6c570000 [0089.852] GetProcAddress (hModule=0x6c570000, lpProcName="GetFileVersionInfoA") returned 0x6c571490 [0089.852] GetModuleHandleA (lpModuleName="SHFOLDER") returned 0x0 [0089.853] GetSystemDirectoryA (in: lpBuffer=0x19fcb4, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0089.853] wsprintfA (in: param_1=0x19fcc7, param_2="%s%s.dll" | out: param_1="\\SHFOLDER.dll") returned 13 [0089.853] LoadLibraryExA (lpLibFileName="C:\\Windows\\system32\\SHFOLDER.dll", hFile=0x0, dwFlags=0x8) returned 0x6c560000 [0089.864] GetProcAddress (hModule=0x6c560000, lpProcName="SHGetFolderPathA") returned 0x6c561300 [0089.864] InitCommonControls () [0089.864] OleInitialize (pvReserved=0x0) returned 0x0 [0089.999] SHGetFileInfoA (in: pszPath="", dwFileAttributes=0x0, psfi=0x19fe24, cbFileInfo=0x160, uFlags=0x0 | out: psfi=0x19fe24) returned 0x1 [0090.070] lstrcpynA (in: lpString1=0x42e420, lpString2="NSIS Error", iMaxLength=1024 | out: lpString1="NSIS Error") returned="NSIS Error" [0090.070] GetCommandLineA () returned="\"C:\\Users\\RDhJ0CNFevzX\\Desktop\\9ff6781bac4d77465a973def710d9619cfa7fc6fe16a78225b7e22d3a89d0be0.exe\" " [0090.070] lstrcpynA (in: lpString1=0x434000, lpString2="\"C:\\Users\\RDhJ0CNFevzX\\Desktop\\9ff6781bac4d77465a973def710d9619cfa7fc6fe16a78225b7e22d3a89d0be0.exe\" ", iMaxLength=1024 | out: lpString1="\"C:\\Users\\RDhJ0CNFevzX\\Desktop\\9ff6781bac4d77465a973def710d9619cfa7fc6fe16a78225b7e22d3a89d0be0.exe\" ") returned="\"C:\\Users\\RDhJ0CNFevzX\\Desktop\\9ff6781bac4d77465a973def710d9619cfa7fc6fe16a78225b7e22d3a89d0be0.exe\" " [0090.070] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0090.074] GetTempPathA (in: nBufferLength=0x400, lpBuffer=0x435400 | out: lpBuffer="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\") returned 0x25 [0090.083] lstrlenA (lpString="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp") returned 36 [0090.084] lstrcatA (in: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", lpString2="\\" | out: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\") returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\" [0090.084] CreateDirectoryA (lpPathName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp"), lpSecurityAttributes=0x0) returned 0 [0090.085] GetLastError () returned 0xb7 [0090.085] GetTickCount () returned 0x154fda3 [0090.085] GetTempFileNameA (in: lpPathName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\", lpPrefixString="nsp", uUnique=0x0, lpTempFileName=0x435000 | out: lpTempFileName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nspFDA3.tmp" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\nspfda3.tmp")) returned 0xfda3 [0090.087] DeleteFileA (lpFileName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nspFDA3.tmp" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\nspfda3.tmp")) returned 1 [0090.087] GetTickCount () returned 0x154fda3 [0090.087] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x435c00, nSize=0x400 | out: lpFilename="C:\\Users\\RDhJ0CNFevzX\\Desktop\\9ff6781bac4d77465a973def710d9619cfa7fc6fe16a78225b7e22d3a89d0be0.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\9ff6781bac4d77465a973def710d9619cfa7fc6fe16a78225b7e22d3a89d0be0.exe")) returned 0x62 [0090.088] GetFileAttributesA (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\9ff6781bac4d77465a973def710d9619cfa7fc6fe16a78225b7e22d3a89d0be0.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\9ff6781bac4d77465a973def710d9619cfa7fc6fe16a78225b7e22d3a89d0be0.exe")) returned 0x20 [0090.088] CreateFileA (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\9ff6781bac4d77465a973def710d9619cfa7fc6fe16a78225b7e22d3a89d0be0.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\9ff6781bac4d77465a973def710d9619cfa7fc6fe16a78225b7e22d3a89d0be0.exe"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x20, hTemplateFile=0x0) returned 0x20c [0090.088] lstrcpynA (in: lpString1=0x434c00, lpString2="C:\\Users\\RDhJ0CNFevzX\\Desktop\\9ff6781bac4d77465a973def710d9619cfa7fc6fe16a78225b7e22d3a89d0be0.exe", iMaxLength=1024 | out: lpString1="C:\\Users\\RDhJ0CNFevzX\\Desktop\\9ff6781bac4d77465a973def710d9619cfa7fc6fe16a78225b7e22d3a89d0be0.exe") returned="C:\\Users\\RDhJ0CNFevzX\\Desktop\\9ff6781bac4d77465a973def710d9619cfa7fc6fe16a78225b7e22d3a89d0be0.exe" [0090.088] lstrlenA (lpString="C:\\Users\\RDhJ0CNFevzX\\Desktop\\9ff6781bac4d77465a973def710d9619cfa7fc6fe16a78225b7e22d3a89d0be0.exe") returned 98 [0090.090] lstrcpynA (in: lpString1=0x436000, lpString2="9ff6781bac4d77465a973def710d9619cfa7fc6fe16a78225b7e22d3a89d0be0.exe", iMaxLength=1024 | out: lpString1="9ff6781bac4d77465a973def710d9619cfa7fc6fe16a78225b7e22d3a89d0be0.exe") returned="9ff6781bac4d77465a973def710d9619cfa7fc6fe16a78225b7e22d3a89d0be0.exe" [0090.091] GetFileSize (in: hFile=0x20c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x4f929 [0090.091] ReadFile (in: hFile=0x20c, lpBuffer=0x420c50, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fdac, lpOverlapped=0x0 | out: lpBuffer=0x420c50*, lpNumberOfBytesRead=0x19fdac*=0x200, lpOverlapped=0x0) returned 1 [0090.091] ReadFile (in: hFile=0x20c, lpBuffer=0x420c50, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fdac, lpOverlapped=0x0 | out: lpBuffer=0x420c50*, lpNumberOfBytesRead=0x19fdac*=0x200, lpOverlapped=0x0) returned 1 [0090.092] ReadFile (in: hFile=0x20c, lpBuffer=0x420c50, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fdac, lpOverlapped=0x0 | out: lpBuffer=0x420c50*, lpNumberOfBytesRead=0x19fdac*=0x200, lpOverlapped=0x0) returned 1 [0090.092] ReadFile (in: hFile=0x20c, lpBuffer=0x420c50, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fdac, lpOverlapped=0x0 | out: lpBuffer=0x420c50*, lpNumberOfBytesRead=0x19fdac*=0x200, lpOverlapped=0x0) returned 1 [0090.092] ReadFile (in: hFile=0x20c, lpBuffer=0x420c50, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fdac, lpOverlapped=0x0 | out: lpBuffer=0x420c50*, lpNumberOfBytesRead=0x19fdac*=0x200, lpOverlapped=0x0) returned 1 [0090.092] ReadFile (in: hFile=0x20c, lpBuffer=0x420c50, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fdac, lpOverlapped=0x0 | out: lpBuffer=0x420c50*, lpNumberOfBytesRead=0x19fdac*=0x200, lpOverlapped=0x0) returned 1 [0090.092] ReadFile (in: hFile=0x20c, lpBuffer=0x420c50, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fdac, lpOverlapped=0x0 | out: lpBuffer=0x420c50*, lpNumberOfBytesRead=0x19fdac*=0x200, lpOverlapped=0x0) returned 1 [0090.092] ReadFile (in: hFile=0x20c, lpBuffer=0x420c50, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fdac, lpOverlapped=0x0 | out: lpBuffer=0x420c50*, lpNumberOfBytesRead=0x19fdac*=0x200, lpOverlapped=0x0) returned 1 [0090.092] ReadFile (in: hFile=0x20c, lpBuffer=0x420c50, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fdac, lpOverlapped=0x0 | out: lpBuffer=0x420c50*, lpNumberOfBytesRead=0x19fdac*=0x200, lpOverlapped=0x0) returned 1 [0090.092] ReadFile (in: hFile=0x20c, lpBuffer=0x420c50, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fdac, lpOverlapped=0x0 | out: lpBuffer=0x420c50*, lpNumberOfBytesRead=0x19fdac*=0x200, lpOverlapped=0x0) returned 1 [0090.092] ReadFile (in: hFile=0x20c, lpBuffer=0x420c50, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fdac, lpOverlapped=0x0 | out: lpBuffer=0x420c50*, lpNumberOfBytesRead=0x19fdac*=0x200, lpOverlapped=0x0) returned 1 [0090.092] ReadFile (in: hFile=0x20c, lpBuffer=0x420c50, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fdac, lpOverlapped=0x0 | out: lpBuffer=0x420c50*, lpNumberOfBytesRead=0x19fdac*=0x200, lpOverlapped=0x0) returned 1 [0090.092] ReadFile (in: hFile=0x20c, lpBuffer=0x420c50, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fdac, lpOverlapped=0x0 | out: lpBuffer=0x420c50*, lpNumberOfBytesRead=0x19fdac*=0x200, lpOverlapped=0x0) returned 1 [0090.092] ReadFile (in: hFile=0x20c, lpBuffer=0x420c50, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fdac, lpOverlapped=0x0 | out: lpBuffer=0x420c50*, lpNumberOfBytesRead=0x19fdac*=0x200, lpOverlapped=0x0) returned 1 [0090.092] ReadFile (in: hFile=0x20c, lpBuffer=0x420c50, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fdac, lpOverlapped=0x0 | out: lpBuffer=0x420c50*, lpNumberOfBytesRead=0x19fdac*=0x200, lpOverlapped=0x0) returned 1 [0090.092] ReadFile (in: hFile=0x20c, lpBuffer=0x420c50, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fdac, lpOverlapped=0x0 | out: lpBuffer=0x420c50*, lpNumberOfBytesRead=0x19fdac*=0x200, lpOverlapped=0x0) returned 1 [0090.092] ReadFile (in: hFile=0x20c, lpBuffer=0x420c50, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fdac, lpOverlapped=0x0 | out: lpBuffer=0x420c50*, lpNumberOfBytesRead=0x19fdac*=0x200, lpOverlapped=0x0) returned 1 [0090.093] ReadFile (in: hFile=0x20c, lpBuffer=0x420c50, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fdac, lpOverlapped=0x0 | out: lpBuffer=0x420c50*, lpNumberOfBytesRead=0x19fdac*=0x200, lpOverlapped=0x0) returned 1 [0090.093] ReadFile (in: hFile=0x20c, lpBuffer=0x420c50, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fdac, lpOverlapped=0x0 | out: lpBuffer=0x420c50*, lpNumberOfBytesRead=0x19fdac*=0x200, lpOverlapped=0x0) returned 1 [0090.093] ReadFile (in: hFile=0x20c, lpBuffer=0x420c50, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fdac, lpOverlapped=0x0 | out: lpBuffer=0x420c50*, lpNumberOfBytesRead=0x19fdac*=0x200, lpOverlapped=0x0) returned 1 [0090.093] ReadFile (in: hFile=0x20c, lpBuffer=0x420c50, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fdac, lpOverlapped=0x0 | out: lpBuffer=0x420c50*, lpNumberOfBytesRead=0x19fdac*=0x200, lpOverlapped=0x0) returned 1 [0090.093] ReadFile (in: hFile=0x20c, lpBuffer=0x420c50, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fdac, lpOverlapped=0x0 | out: lpBuffer=0x420c50*, lpNumberOfBytesRead=0x19fdac*=0x200, lpOverlapped=0x0) returned 1 [0090.093] ReadFile (in: hFile=0x20c, lpBuffer=0x420c50, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fdac, lpOverlapped=0x0 | out: lpBuffer=0x420c50*, lpNumberOfBytesRead=0x19fdac*=0x200, lpOverlapped=0x0) returned 1 [0090.093] ReadFile (in: hFile=0x20c, lpBuffer=0x420c50, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fdac, lpOverlapped=0x0 | out: lpBuffer=0x420c50*, lpNumberOfBytesRead=0x19fdac*=0x200, lpOverlapped=0x0) returned 1 [0090.093] ReadFile (in: hFile=0x20c, lpBuffer=0x420c50, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fdac, lpOverlapped=0x0 | out: lpBuffer=0x420c50*, lpNumberOfBytesRead=0x19fdac*=0x200, lpOverlapped=0x0) returned 1 [0090.093] ReadFile (in: hFile=0x20c, lpBuffer=0x420c50, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fdac, lpOverlapped=0x0 | out: lpBuffer=0x420c50*, lpNumberOfBytesRead=0x19fdac*=0x200, lpOverlapped=0x0) returned 1 [0090.093] ReadFile (in: hFile=0x20c, lpBuffer=0x420c50, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fdac, lpOverlapped=0x0 | out: lpBuffer=0x420c50*, lpNumberOfBytesRead=0x19fdac*=0x200, lpOverlapped=0x0) returned 1 [0090.093] ReadFile (in: hFile=0x20c, lpBuffer=0x420c50, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fdac, lpOverlapped=0x0 | out: lpBuffer=0x420c50*, lpNumberOfBytesRead=0x19fdac*=0x200, lpOverlapped=0x0) returned 1 [0090.093] ReadFile (in: hFile=0x20c, lpBuffer=0x420c50, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fdac, lpOverlapped=0x0 | out: lpBuffer=0x420c50*, lpNumberOfBytesRead=0x19fdac*=0x200, lpOverlapped=0x0) returned 1 [0090.093] ReadFile (in: hFile=0x20c, lpBuffer=0x420c50, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fdac, lpOverlapped=0x0 | out: lpBuffer=0x420c50*, lpNumberOfBytesRead=0x19fdac*=0x200, lpOverlapped=0x0) returned 1 [0090.093] ReadFile (in: hFile=0x20c, lpBuffer=0x420c50, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fdac, lpOverlapped=0x0 | out: lpBuffer=0x420c50*, lpNumberOfBytesRead=0x19fdac*=0x200, lpOverlapped=0x0) returned 1 [0090.093] ReadFile (in: hFile=0x20c, lpBuffer=0x420c50, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fdac, lpOverlapped=0x0 | out: lpBuffer=0x420c50*, lpNumberOfBytesRead=0x19fdac*=0x200, lpOverlapped=0x0) returned 1 [0090.093] ReadFile (in: hFile=0x20c, lpBuffer=0x420c50, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fdac, lpOverlapped=0x0 | out: lpBuffer=0x420c50*, lpNumberOfBytesRead=0x19fdac*=0x200, lpOverlapped=0x0) returned 1 [0090.093] ReadFile (in: hFile=0x20c, lpBuffer=0x420c50, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fdac, lpOverlapped=0x0 | out: lpBuffer=0x420c50*, lpNumberOfBytesRead=0x19fdac*=0x200, lpOverlapped=0x0) returned 1 [0090.093] ReadFile (in: hFile=0x20c, lpBuffer=0x420c50, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fdac, lpOverlapped=0x0 | out: lpBuffer=0x420c50*, lpNumberOfBytesRead=0x19fdac*=0x200, lpOverlapped=0x0) returned 1 [0090.093] ReadFile (in: hFile=0x20c, lpBuffer=0x420c50, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fdac, lpOverlapped=0x0 | out: lpBuffer=0x420c50*, lpNumberOfBytesRead=0x19fdac*=0x200, lpOverlapped=0x0) returned 1 [0090.094] ReadFile (in: hFile=0x20c, lpBuffer=0x420c50, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fdac, lpOverlapped=0x0 | out: lpBuffer=0x420c50*, lpNumberOfBytesRead=0x19fdac*=0x200, lpOverlapped=0x0) returned 1 [0090.094] ReadFile (in: hFile=0x20c, lpBuffer=0x420c50, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fdac, lpOverlapped=0x0 | out: lpBuffer=0x420c50*, lpNumberOfBytesRead=0x19fdac*=0x200, lpOverlapped=0x0) returned 1 [0090.094] ReadFile (in: hFile=0x20c, lpBuffer=0x420c50, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fdac, lpOverlapped=0x0 | out: lpBuffer=0x420c50*, lpNumberOfBytesRead=0x19fdac*=0x200, lpOverlapped=0x0) returned 1 [0090.094] ReadFile (in: hFile=0x20c, lpBuffer=0x420c50, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fdac, lpOverlapped=0x0 | out: lpBuffer=0x420c50*, lpNumberOfBytesRead=0x19fdac*=0x200, lpOverlapped=0x0) returned 1 [0090.094] ReadFile (in: hFile=0x20c, lpBuffer=0x420c50, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fdac, lpOverlapped=0x0 | out: lpBuffer=0x420c50*, lpNumberOfBytesRead=0x19fdac*=0x200, lpOverlapped=0x0) returned 1 [0090.094] ReadFile (in: hFile=0x20c, lpBuffer=0x420c50, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fdac, lpOverlapped=0x0 | out: lpBuffer=0x420c50*, lpNumberOfBytesRead=0x19fdac*=0x200, lpOverlapped=0x0) returned 1 [0090.094] ReadFile (in: hFile=0x20c, lpBuffer=0x420c50, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fdac, lpOverlapped=0x0 | out: lpBuffer=0x420c50*, lpNumberOfBytesRead=0x19fdac*=0x200, lpOverlapped=0x0) returned 1 [0090.094] ReadFile (in: hFile=0x20c, lpBuffer=0x420c50, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fdac, lpOverlapped=0x0 | out: lpBuffer=0x420c50*, lpNumberOfBytesRead=0x19fdac*=0x200, lpOverlapped=0x0) returned 1 [0090.094] ReadFile (in: hFile=0x20c, lpBuffer=0x420c50, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fdac, lpOverlapped=0x0 | out: lpBuffer=0x420c50*, lpNumberOfBytesRead=0x19fdac*=0x200, lpOverlapped=0x0) returned 1 [0090.094] ReadFile (in: hFile=0x20c, lpBuffer=0x420c50, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fdac, lpOverlapped=0x0 | out: lpBuffer=0x420c50*, lpNumberOfBytesRead=0x19fdac*=0x200, lpOverlapped=0x0) returned 1 [0090.094] ReadFile (in: hFile=0x20c, lpBuffer=0x420c50, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fdac, lpOverlapped=0x0 | out: lpBuffer=0x420c50*, lpNumberOfBytesRead=0x19fdac*=0x200, lpOverlapped=0x0) returned 1 [0090.094] ReadFile (in: hFile=0x20c, lpBuffer=0x420c50, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fdac, lpOverlapped=0x0 | out: lpBuffer=0x420c50*, lpNumberOfBytesRead=0x19fdac*=0x200, lpOverlapped=0x0) returned 1 [0090.094] ReadFile (in: hFile=0x20c, lpBuffer=0x420c50, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fdac, lpOverlapped=0x0 | out: lpBuffer=0x420c50*, lpNumberOfBytesRead=0x19fdac*=0x200, lpOverlapped=0x0) returned 1 [0090.094] ReadFile (in: hFile=0x20c, lpBuffer=0x420c50, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fdac, lpOverlapped=0x0 | out: lpBuffer=0x420c50*, lpNumberOfBytesRead=0x19fdac*=0x200, lpOverlapped=0x0) returned 1 [0090.094] ReadFile (in: hFile=0x20c, lpBuffer=0x420c50, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fdac, lpOverlapped=0x0 | out: lpBuffer=0x420c50*, lpNumberOfBytesRead=0x19fdac*=0x200, lpOverlapped=0x0) returned 1 [0090.094] ReadFile (in: hFile=0x20c, lpBuffer=0x420c50, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fdac, lpOverlapped=0x0 | out: lpBuffer=0x420c50*, lpNumberOfBytesRead=0x19fdac*=0x200, lpOverlapped=0x0) returned 1 [0090.094] ReadFile (in: hFile=0x20c, lpBuffer=0x420c50, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fdac, lpOverlapped=0x0 | out: lpBuffer=0x420c50*, lpNumberOfBytesRead=0x19fdac*=0x200, lpOverlapped=0x0) returned 1 [0090.094] ReadFile (in: hFile=0x20c, lpBuffer=0x420c50, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fdac, lpOverlapped=0x0 | out: lpBuffer=0x420c50*, lpNumberOfBytesRead=0x19fdac*=0x200, lpOverlapped=0x0) returned 1 [0090.094] ReadFile (in: hFile=0x20c, lpBuffer=0x420c50, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fdac, lpOverlapped=0x0 | out: lpBuffer=0x420c50*, lpNumberOfBytesRead=0x19fdac*=0x200, lpOverlapped=0x0) returned 1 [0090.094] ReadFile (in: hFile=0x20c, lpBuffer=0x420c50, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fdac, lpOverlapped=0x0 | out: lpBuffer=0x420c50*, lpNumberOfBytesRead=0x19fdac*=0x200, lpOverlapped=0x0) returned 1 [0090.095] ReadFile (in: hFile=0x20c, lpBuffer=0x420c50, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fdac, lpOverlapped=0x0 | out: lpBuffer=0x420c50*, lpNumberOfBytesRead=0x19fdac*=0x200, lpOverlapped=0x0) returned 1 [0090.095] ReadFile (in: hFile=0x20c, lpBuffer=0x420c50, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fdac, lpOverlapped=0x0 | out: lpBuffer=0x420c50*, lpNumberOfBytesRead=0x19fdac*=0x200, lpOverlapped=0x0) returned 1 [0090.095] ReadFile (in: hFile=0x20c, lpBuffer=0x420c50, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fdac, lpOverlapped=0x0 | out: lpBuffer=0x420c50*, lpNumberOfBytesRead=0x19fdac*=0x200, lpOverlapped=0x0) returned 1 [0090.095] ReadFile (in: hFile=0x20c, lpBuffer=0x420c50, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fdac, lpOverlapped=0x0 | out: lpBuffer=0x420c50*, lpNumberOfBytesRead=0x19fdac*=0x200, lpOverlapped=0x0) returned 1 [0090.095] ReadFile (in: hFile=0x20c, lpBuffer=0x420c50, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fdac, lpOverlapped=0x0 | out: lpBuffer=0x420c50*, lpNumberOfBytesRead=0x19fdac*=0x200, lpOverlapped=0x0) returned 1 [0090.095] ReadFile (in: hFile=0x20c, lpBuffer=0x420c50, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fdac, lpOverlapped=0x0 | out: lpBuffer=0x420c50*, lpNumberOfBytesRead=0x19fdac*=0x200, lpOverlapped=0x0) returned 1 [0090.095] ReadFile (in: hFile=0x20c, lpBuffer=0x420c50, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fdac, lpOverlapped=0x0 | out: lpBuffer=0x420c50*, lpNumberOfBytesRead=0x19fdac*=0x200, lpOverlapped=0x0) returned 1 [0090.095] ReadFile (in: hFile=0x20c, lpBuffer=0x420c50, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fdac, lpOverlapped=0x0 | out: lpBuffer=0x420c50*, lpNumberOfBytesRead=0x19fdac*=0x200, lpOverlapped=0x0) returned 1 [0090.095] ReadFile (in: hFile=0x20c, lpBuffer=0x420c50, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fdac, lpOverlapped=0x0 | out: lpBuffer=0x420c50*, lpNumberOfBytesRead=0x19fdac*=0x200, lpOverlapped=0x0) returned 1 [0090.095] ReadFile (in: hFile=0x20c, lpBuffer=0x420c50, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fdac, lpOverlapped=0x0 | out: lpBuffer=0x420c50*, lpNumberOfBytesRead=0x19fdac*=0x200, lpOverlapped=0x0) returned 1 [0090.095] ReadFile (in: hFile=0x20c, lpBuffer=0x420c50, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fdac, lpOverlapped=0x0 | out: lpBuffer=0x420c50*, lpNumberOfBytesRead=0x19fdac*=0x200, lpOverlapped=0x0) returned 1 [0090.095] ReadFile (in: hFile=0x20c, lpBuffer=0x420c50, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fdac, lpOverlapped=0x0 | out: lpBuffer=0x420c50*, lpNumberOfBytesRead=0x19fdac*=0x200, lpOverlapped=0x0) returned 1 [0090.095] ReadFile (in: hFile=0x20c, lpBuffer=0x420c50, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fdac, lpOverlapped=0x0 | out: lpBuffer=0x420c50*, lpNumberOfBytesRead=0x19fdac*=0x200, lpOverlapped=0x0) returned 1 [0090.096] SetFilePointer (in: hFile=0x20c, lDistanceToMove=34844, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x881c [0090.096] ReadFile (in: hFile=0x20c, lpBuffer=0x19fdac, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x19fd30, lpOverlapped=0x0 | out: lpBuffer=0x19fdac*, lpNumberOfBytesRead=0x19fd30*=0x4, lpOverlapped=0x0) returned 1 [0090.096] GetTickCount () returned 0x154fda3 [0090.096] ReadFile (in: hFile=0x20c, lpBuffer=0x414c48, nNumberOfBytesToRead=0x1919, lpNumberOfBytesRead=0x19fd30, lpOverlapped=0x0 | out: lpBuffer=0x414c48*, lpNumberOfBytesRead=0x19fd30*=0x1919, lpOverlapped=0x0) returned 1 [0090.099] GetTickCount () returned 0x154fda3 [0090.099] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0xa139 [0090.099] GetModuleHandleA (lpModuleName="KERNEL32") returned 0x74530000 [0090.099] GetProcAddress (hModule=0x74530000, lpProcName="GetUserDefaultUILanguage") returned 0x7454b0a0 [0090.099] GetUserDefaultUILanguage () returned 0x409 [0090.099] wsprintfA (in: param_1=0x435000, param_2="%d" | out: param_1="1033") returned 4 [0090.099] wsprintfA (in: param_1=0x435000, param_2="%d" | out: param_1="1033") returned 4 [0090.099] lstrlenA (lpString="dah") returned 3 [0090.099] lstrcpynA (in: lpString1=0x42e420, lpString2="dah Setup", iMaxLength=1024 | out: lpString1="dah Setup") returned="dah Setup" [0090.100] SetWindowTextA (hWnd=0x0, lpString="dah Setup") returned 0 [0090.100] lstrcpynA (in: lpString1=0x479174, lpString2="uzcfoxtroxoch", iMaxLength=1024 | out: lpString1="uzcfoxtroxoch") returned="uzcfoxtroxoch" [0090.100] lstrcpynA (in: lpString1=0x47958c, lpString2="jzwqozdjqxym", iMaxLength=1024 | out: lpString1="jzwqozdjqxym") returned="jzwqozdjqxym" [0090.100] lstrcpynA (in: lpString1=0x4799a4, lpString2="gcioapsemfyw", iMaxLength=1024 | out: lpString1="gcioapsemfyw") returned="gcioapsemfyw" [0090.100] lstrcpynA (in: lpString1=0x42b4a8, lpString2="", iMaxLength=1024 | out: lpString1="") returned="" [0090.100] lstrcpynA (in: lpString1=0x42b4a8, lpString2="", iMaxLength=1024 | out: lpString1="") returned="" [0090.100] lstrcpynA (in: lpString1=0x42dbc0, lpString2="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\", iMaxLength=1024 | out: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\") returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\" [0090.100] lstrlenA (lpString="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp") returned 36 [0090.100] lstrcpynA (in: lpString1=0x434400, lpString2="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", iMaxLength=1024 | out: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp") returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp" [0090.100] LoadImageA (hInst=0x400000, name=0x67, type=0x1, cx=0, cy=0, fuLoad=0x8040) returned 0xc00f9 [0090.104] wsprintfA (in: param_1=0x435000, param_2="%d" | out: param_1="1033") returned 4 [0090.104] lstrlenA (lpString="dah") returned 3 [0090.104] lstrcpynA (in: lpString1=0x42e420, lpString2="dah Setup", iMaxLength=1024 | out: lpString1="dah Setup") returned="dah Setup" [0090.104] SetWindowTextA (hWnd=0x0, lpString="dah Setup") returned 0 [0090.104] lstrcpynA (in: lpString1=0x479174, lpString2="uzcfoxtroxoch", iMaxLength=1024 | out: lpString1="uzcfoxtroxoch") returned="uzcfoxtroxoch" [0090.104] lstrcpynA (in: lpString1=0x47958c, lpString2="jzwqozdjqxym", iMaxLength=1024 | out: lpString1="jzwqozdjqxym") returned="jzwqozdjqxym" [0090.105] lstrcpynA (in: lpString1=0x4799a4, lpString2="gcioapsemfyw", iMaxLength=1024 | out: lpString1="gcioapsemfyw") returned="gcioapsemfyw" [0090.105] ShowWindow (hWnd=0x0, nCmdShow=5) returned 0 [0090.105] GetSystemDirectoryA (in: lpBuffer=0x19fc9c, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0090.105] wsprintfA (in: param_1=0x19fcaf, param_2="%s%s.dll" | out: param_1="\\RichEd20.dll") returned 13 [0090.105] LoadLibraryExA (lpLibFileName="C:\\Windows\\system32\\RichEd20.dll", hFile=0x0, dwFlags=0x8) returned 0x6c4d0000 [0090.767] GetClassInfoA (in: hInstance=0x0, lpClassName="RichEdit20A", lpWndClass=0x42e3c0 | out: lpWndClass=0x42e3c0) returned 1 [0090.769] DialogBoxParamA (hInstance=0x400000, lpTemplateName=0x69, hWndParent=0x0, lpDialogFunc=0x4039b0, dwInitParam=0x0) [0091.629] GetDlgItem (hDlg=0x501e2, nIDDlgItem=1) returned 0x40200 [0091.629] GetDlgItem (hDlg=0x501e2, nIDDlgItem=2) returned 0x601c0 [0091.629] SetDlgItemTextA (hDlg=0x501e2, nIDDlgItem=1028, lpString="Nullsoft Install System v2.51") returned 1 [0091.630] SetClassLongA (hWnd=0x501e2, nIndex=-14, dwNewLong=786681) returned 0x0 [0091.652] lstrcpynA (in: lpString1=0x42dbc0, lpString2="", iMaxLength=1024 | out: lpString1="") returned="" [0091.652] lstrlenA (lpString="") returned 0 [0091.652] lstrcpynA (in: lpString1=0x40a440, lpString2="", iMaxLength=1024 | out: lpString1="") returned="" [0091.653] lstrcpynA (in: lpString1=0x40a840, lpString2="", iMaxLength=1024 | out: lpString1="") returned="" [0091.653] lstrcmpiA (lpString1="", lpString2="") returned 0 [0091.653] lstrcpynA (in: lpString1=0x42dbc0, lpString2="", iMaxLength=1024 | out: lpString1="") returned="" [0091.653] lstrlenA (lpString="") returned 0 [0091.653] lstrcpynA (in: lpString1=0x48a1b4, lpString2="", iMaxLength=1024 | out: lpString1="") returned="" [0091.653] lstrcpynA (in: lpString1=0x42dbc0, lpString2="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\", iMaxLength=1024 | out: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\") returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\" [0091.653] lstrlenA (lpString="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp") returned 36 [0091.653] lstrcpynA (in: lpString1=0x40a040, lpString2="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", iMaxLength=1024 | out: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp") returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp" [0091.653] GetTickCount () returned 0x15503be [0091.653] GetTempFileNameA (in: lpPathName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", lpPrefixString="nss", uUnique=0x0, lpTempFileName=0x42f000 | out: lpTempFileName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nss3BF.tmp" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\nss3bf.tmp")) returned 0x3bf [0091.656] lstrcpynA (in: lpString1=0x42dbc0, lpString2="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nss3BF.tmp", iMaxLength=1024 | out: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nss3BF.tmp") returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nss3BF.tmp" [0091.656] lstrlenA (lpString="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nss3BF.tmp") returned 47 [0091.657] lstrcpynA (in: lpString1=0x409c40, lpString2="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nss3BF.tmp", iMaxLength=1024 | out: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nss3BF.tmp") returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nss3BF.tmp" [0091.657] lstrcpynA (in: lpString1=0x42b4a8, lpString2="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nss3BF.tmp", iMaxLength=1024 | out: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nss3BF.tmp") returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nss3BF.tmp" [0091.657] lstrlenA (lpString="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nss3BF.tmp") returned 47 [0091.657] FindFirstFileA (in: lpFileName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nss3BF.tmp", lpFindFileData=0x42c0f0 | out: lpFindFileData=0x42c0f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa1e77abf, ftCreationTime.dwHighDateTime=0x1d7b3ca, ftLastAccessTime.dwLowDateTime=0xa1e77abf, ftLastAccessTime.dwHighDateTime=0x1d7b3ca, ftLastWriteTime.dwLowDateTime=0xa1e77abf, ftLastWriteTime.dwHighDateTime=0x1d7b3ca, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x6f004c, dwReserved1=0x610063, cFileName="nss3BF.tmp", cAlternateFileName="")) returned 0x465538 [0091.657] FindClose (in: hFindFile=0x465538 | out: hFindFile=0x465538) returned 1 [0091.657] DeleteFileA (lpFileName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nss3BF.tmp" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\nss3bf.tmp")) returned 1 [0091.658] lstrcpynA (in: lpString1=0x42dbc0, lpString2="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nss3BF.tmp", iMaxLength=1024 | out: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nss3BF.tmp") returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nss3BF.tmp" [0091.658] lstrlenA (lpString="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nss3BF.tmp") returned 47 [0091.658] lstrcpynA (in: lpString1=0x40a040, lpString2="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nss3BF.tmp", iMaxLength=1024 | out: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nss3BF.tmp") returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nss3BF.tmp" [0091.658] CreateDirectoryA (lpPathName="C:\\Users" (normalized: "c:\\users"), lpSecurityAttributes=0x0) returned 0 [0091.658] GetLastError () returned 0xb7 [0091.658] GetFileAttributesA (lpFileName="C:\\Users" (normalized: "c:\\users")) returned 0x11 [0091.658] CreateDirectoryA (lpPathName="C:\\Users\\RDHJ0C~1" (normalized: "c:\\users\\rdhj0cnfevzx"), lpSecurityAttributes=0x0) returned 0 [0091.659] GetLastError () returned 0xb7 [0091.659] GetFileAttributesA (lpFileName="C:\\Users\\RDHJ0C~1" (normalized: "c:\\users\\rdhj0cnfevzx")) returned 0x10 [0091.659] CreateDirectoryA (lpPathName="C:\\Users\\RDHJ0C~1\\AppData" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata"), lpSecurityAttributes=0x0) returned 0 [0091.659] GetLastError () returned 0xb7 [0091.659] GetFileAttributesA (lpFileName="C:\\Users\\RDHJ0C~1\\AppData" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata")) returned 0x12 [0091.659] CreateDirectoryA (lpPathName="C:\\Users\\RDHJ0C~1\\AppData\\Local" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local"), lpSecurityAttributes=0x0) returned 0 [0091.659] GetLastError () returned 0xb7 [0091.659] GetFileAttributesA (lpFileName="C:\\Users\\RDHJ0C~1\\AppData\\Local" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local")) returned 0x10 [0091.660] CreateDirectoryA (lpPathName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp"), lpSecurityAttributes=0x0) returned 0 [0091.660] GetLastError () returned 0xb7 [0091.660] GetFileAttributesA (lpFileName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp")) returned 0x10 [0091.660] GetModuleHandleA (lpModuleName="SHELL32") returned 0x74a90000 [0091.660] GetProcAddress (hModule=0x74a90000, lpProcName=0x2a8) returned 0x74d3db90 [0091.661] IsUserAnAdmin () returned 1 [0091.661] CreateDirectoryA (lpPathName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nss3BF.tmp" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\nss3bf.tmp"), lpSecurityAttributes=0x19f5c0) returned 1 [0091.662] lstrcpynA (in: lpString1=0x42dbc0, lpString2="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nss3BF.tmp", iMaxLength=1024 | out: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nss3BF.tmp") returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nss3BF.tmp" [0091.662] lstrlenA (lpString="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nss3BF.tmp") returned 47 [0091.662] lstrcpynA (in: lpString1=0x409c40, lpString2="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nss3BF.tmp", iMaxLength=1024 | out: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nss3BF.tmp") returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nss3BF.tmp" [0091.662] lstrlenA (lpString="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nss3BF.tmp") returned 47 [0091.662] lstrcpynA (in: lpString1=0x435800, lpString2="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nss3BF.tmp", iMaxLength=1024 | out: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nss3BF.tmp") returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nss3BF.tmp" [0091.662] lstrcpynA (in: lpString1=0x42f000, lpString2="", iMaxLength=1024 | out: lpString1="") returned="" [0091.662] lstrcpynA (in: lpString1=0x42dbc0, lpString2="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", iMaxLength=1024 | out: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp") returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp" [0091.662] lstrlenA (lpString="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp") returned 36 [0091.662] lstrcpynA (in: lpString1=0x40a040, lpString2="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", iMaxLength=1024 | out: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp") returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp" [0091.662] CreateDirectoryA (lpPathName="C:\\Users" (normalized: "c:\\users"), lpSecurityAttributes=0x0) returned 0 [0091.663] GetLastError () returned 0xb7 [0091.663] GetFileAttributesA (lpFileName="C:\\Users" (normalized: "c:\\users")) returned 0x11 [0091.663] CreateDirectoryA (lpPathName="C:\\Users\\RDHJ0C~1" (normalized: "c:\\users\\rdhj0cnfevzx"), lpSecurityAttributes=0x0) returned 0 [0091.663] GetLastError () returned 0xb7 [0091.663] GetFileAttributesA (lpFileName="C:\\Users\\RDHJ0C~1" (normalized: "c:\\users\\rdhj0cnfevzx")) returned 0x10 [0091.663] CreateDirectoryA (lpPathName="C:\\Users\\RDHJ0C~1\\AppData" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata"), lpSecurityAttributes=0x0) returned 0 [0091.663] GetLastError () returned 0xb7 [0091.663] GetFileAttributesA (lpFileName="C:\\Users\\RDHJ0C~1\\AppData" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata")) returned 0x12 [0091.663] CreateDirectoryA (lpPathName="C:\\Users\\RDHJ0C~1\\AppData\\Local" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local"), lpSecurityAttributes=0x0) returned 0 [0091.663] GetLastError () returned 0xb7 [0091.664] GetFileAttributesA (lpFileName="C:\\Users\\RDHJ0C~1\\AppData\\Local" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local")) returned 0x10 [0091.664] CreateDirectoryA (lpPathName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp"), lpSecurityAttributes=0x0) returned 0 [0091.664] GetLastError () returned 0xb7 [0091.664] GetFileAttributesA (lpFileName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp")) returned 0x10 [0091.664] lstrcpynA (in: lpString1=0x434800, lpString2="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", iMaxLength=1024 | out: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp") returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp" [0091.664] SetCurrentDirectoryA (lpPathName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp")) returned 1 [0091.665] lstrcpynA (in: lpString1=0x40a840, lpString2="150qx0uurbj07478t", iMaxLength=1024 | out: lpString1="150qx0uurbj07478t") returned="150qx0uurbj07478t" [0091.665] lstrcpynA (in: lpString1=0x409c40, lpString2="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", iMaxLength=1024 | out: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp") returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp" [0091.665] lstrlenA (lpString="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp") returned 36 [0091.665] lstrcatA (in: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", lpString2="\\" | out: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\") returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\" [0091.665] lstrcatA (in: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\", lpString2="150qx0uurbj07478t" | out: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\150qx0uurbj07478t") returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\150qx0uurbj07478t" [0091.665] GetFileAttributesA (lpFileName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\150qx0uurbj07478t" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\150qx0uurbj07478t")) returned 0xffffffff [0091.665] GetFileAttributesA (lpFileName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\150qx0uurbj07478t" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\150qx0uurbj07478t")) returned 0xffffffff [0091.665] CreateFileA (lpFileName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\150qx0uurbj07478t" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\150qx0uurbj07478t"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x28 [0091.666] SetFilePointer (in: hFile=0x20c, lDistanceToMove=41273, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0xa139 [0091.666] ReadFile (in: hFile=0x20c, lpBuffer=0x19f798, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x19f71c, lpOverlapped=0x0 | out: lpBuffer=0x19f798*, lpNumberOfBytesRead=0x19f71c*=0x4, lpOverlapped=0x0) returned 1 [0091.666] GetTickCount () returned 0x15503ce [0091.666] ReadFile (in: hFile=0x20c, lpBuffer=0x414c48, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x19f71c, lpOverlapped=0x0 | out: lpBuffer=0x414c48*, lpNumberOfBytesRead=0x19f71c*=0x4000, lpOverlapped=0x0) returned 1 [0091.667] GetTickCount () returned 0x15503ce [0091.667] WriteFile (in: hFile=0x28, lpBuffer=0x418c48*, nNumberOfBytesToWrite=0x417b, lpNumberOfBytesWritten=0x19f770, lpOverlapped=0x0 | out: lpBuffer=0x418c48*, lpNumberOfBytesWritten=0x19f770*=0x417b, lpOverlapped=0x0) returned 1 [0091.670] GetTickCount () returned 0x15503ce [0091.670] ReadFile (in: hFile=0x20c, lpBuffer=0x414c48, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x19f71c, lpOverlapped=0x0 | out: lpBuffer=0x414c48*, lpNumberOfBytesRead=0x19f71c*=0x4000, lpOverlapped=0x0) returned 1 [0091.670] GetTickCount () returned 0x15503ce [0091.670] WriteFile (in: hFile=0x28, lpBuffer=0x418c48*, nNumberOfBytesToWrite=0x4168, lpNumberOfBytesWritten=0x19f770, lpOverlapped=0x0 | out: lpBuffer=0x418c48*, lpNumberOfBytesWritten=0x19f770*=0x4168, lpOverlapped=0x0) returned 1 [0091.676] GetTickCount () returned 0x15503ce [0091.676] ReadFile (in: hFile=0x20c, lpBuffer=0x414c48, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x19f71c, lpOverlapped=0x0 | out: lpBuffer=0x414c48*, lpNumberOfBytesRead=0x19f71c*=0x4000, lpOverlapped=0x0) returned 1 [0091.677] GetTickCount () returned 0x15503dd [0091.677] WriteFile (in: hFile=0x28, lpBuffer=0x418c48*, nNumberOfBytesToWrite=0x45d7, lpNumberOfBytesWritten=0x19f770, lpOverlapped=0x0 | out: lpBuffer=0x418c48*, lpNumberOfBytesWritten=0x19f770*=0x45d7, lpOverlapped=0x0) returned 1 [0091.678] GetTickCount () returned 0x15503dd [0091.678] ReadFile (in: hFile=0x20c, lpBuffer=0x414c48, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x19f71c, lpOverlapped=0x0 | out: lpBuffer=0x414c48*, lpNumberOfBytesRead=0x19f71c*=0x4000, lpOverlapped=0x0) returned 1 [0091.679] GetTickCount () returned 0x15503dd [0091.679] WriteFile (in: hFile=0x28, lpBuffer=0x418c48*, nNumberOfBytesToWrite=0x54fb, lpNumberOfBytesWritten=0x19f770, lpOverlapped=0x0 | out: lpBuffer=0x418c48*, lpNumberOfBytesWritten=0x19f770*=0x54fb, lpOverlapped=0x0) returned 1 [0091.679] GetTickCount () returned 0x15503dd [0091.679] ReadFile (in: hFile=0x20c, lpBuffer=0x414c48, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x19f71c, lpOverlapped=0x0 | out: lpBuffer=0x414c48*, lpNumberOfBytesRead=0x19f71c*=0x4000, lpOverlapped=0x0) returned 1 [0091.680] GetTickCount () returned 0x15503dd [0091.680] WriteFile (in: hFile=0x28, lpBuffer=0x418c48*, nNumberOfBytesToWrite=0x44a9, lpNumberOfBytesWritten=0x19f770, lpOverlapped=0x0 | out: lpBuffer=0x418c48*, lpNumberOfBytesWritten=0x19f770*=0x44a9, lpOverlapped=0x0) returned 1 [0091.681] GetTickCount () returned 0x15503dd [0091.681] ReadFile (in: hFile=0x20c, lpBuffer=0x414c48, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x19f71c, lpOverlapped=0x0 | out: lpBuffer=0x414c48*, lpNumberOfBytesRead=0x19f71c*=0x4000, lpOverlapped=0x0) returned 1 [0091.681] GetTickCount () returned 0x15503dd [0091.681] WriteFile (in: hFile=0x28, lpBuffer=0x418c48*, nNumberOfBytesToWrite=0x4b1e, lpNumberOfBytesWritten=0x19f770, lpOverlapped=0x0 | out: lpBuffer=0x418c48*, lpNumberOfBytesWritten=0x19f770*=0x4b1e, lpOverlapped=0x0) returned 1 [0091.682] GetTickCount () returned 0x15503dd [0091.682] ReadFile (in: hFile=0x20c, lpBuffer=0x414c48, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x19f71c, lpOverlapped=0x0 | out: lpBuffer=0x414c48*, lpNumberOfBytesRead=0x19f71c*=0x4000, lpOverlapped=0x0) returned 1 [0091.682] GetTickCount () returned 0x15503dd [0091.682] WriteFile (in: hFile=0x28, lpBuffer=0x418c48*, nNumberOfBytesToWrite=0x466f, lpNumberOfBytesWritten=0x19f770, lpOverlapped=0x0 | out: lpBuffer=0x418c48*, lpNumberOfBytesWritten=0x19f770*=0x466f, lpOverlapped=0x0) returned 1 [0091.683] GetTickCount () returned 0x15503dd [0091.683] ReadFile (in: hFile=0x20c, lpBuffer=0x414c48, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x19f71c, lpOverlapped=0x0 | out: lpBuffer=0x414c48*, lpNumberOfBytesRead=0x19f71c*=0x4000, lpOverlapped=0x0) returned 1 [0091.684] GetTickCount () returned 0x15503dd [0091.684] WriteFile (in: hFile=0x28, lpBuffer=0x418c48*, nNumberOfBytesToWrite=0x44f5, lpNumberOfBytesWritten=0x19f770, lpOverlapped=0x0 | out: lpBuffer=0x418c48*, lpNumberOfBytesWritten=0x19f770*=0x44f5, lpOverlapped=0x0) returned 1 [0091.685] GetTickCount () returned 0x15503dd [0091.685] ReadFile (in: hFile=0x20c, lpBuffer=0x414c48, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x19f71c, lpOverlapped=0x0 | out: lpBuffer=0x414c48*, lpNumberOfBytesRead=0x19f71c*=0x4000, lpOverlapped=0x0) returned 1 [0091.685] GetTickCount () returned 0x15503dd [0091.685] WriteFile (in: hFile=0x28, lpBuffer=0x418c48*, nNumberOfBytesToWrite=0x40c1, lpNumberOfBytesWritten=0x19f770, lpOverlapped=0x0 | out: lpBuffer=0x418c48*, lpNumberOfBytesWritten=0x19f770*=0x40c1, lpOverlapped=0x0) returned 1 [0091.686] GetTickCount () returned 0x15503dd [0091.686] ReadFile (in: hFile=0x20c, lpBuffer=0x414c48, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x19f71c, lpOverlapped=0x0 | out: lpBuffer=0x414c48*, lpNumberOfBytesRead=0x19f71c*=0x4000, lpOverlapped=0x0) returned 1 [0091.686] GetTickCount () returned 0x15503dd [0091.686] WriteFile (in: hFile=0x28, lpBuffer=0x418c48*, nNumberOfBytesToWrite=0x4bfc, lpNumberOfBytesWritten=0x19f770, lpOverlapped=0x0 | out: lpBuffer=0x418c48*, lpNumberOfBytesWritten=0x19f770*=0x4bfc, lpOverlapped=0x0) returned 1 [0091.687] GetTickCount () returned 0x15503dd [0091.687] ReadFile (in: hFile=0x20c, lpBuffer=0x414c48, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x19f71c, lpOverlapped=0x0 | out: lpBuffer=0x414c48*, lpNumberOfBytesRead=0x19f71c*=0x4000, lpOverlapped=0x0) returned 1 [0091.687] GetTickCount () returned 0x15503dd [0091.687] WriteFile (in: hFile=0x28, lpBuffer=0x418c48*, nNumberOfBytesToWrite=0x4957, lpNumberOfBytesWritten=0x19f770, lpOverlapped=0x0 | out: lpBuffer=0x418c48*, lpNumberOfBytesWritten=0x19f770*=0x4957, lpOverlapped=0x0) returned 1 [0091.688] GetTickCount () returned 0x15503dd [0091.688] ReadFile (in: hFile=0x20c, lpBuffer=0x414c48, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x19f71c, lpOverlapped=0x0 | out: lpBuffer=0x414c48*, lpNumberOfBytesRead=0x19f71c*=0x4000, lpOverlapped=0x0) returned 1 [0091.688] GetTickCount () returned 0x15503dd [0091.688] WriteFile (in: hFile=0x28, lpBuffer=0x418c48*, nNumberOfBytesToWrite=0x3fc1, lpNumberOfBytesWritten=0x19f770, lpOverlapped=0x0 | out: lpBuffer=0x418c48*, lpNumberOfBytesWritten=0x19f770*=0x3fc1, lpOverlapped=0x0) returned 1 [0091.689] GetTickCount () returned 0x15503dd [0091.689] ReadFile (in: hFile=0x20c, lpBuffer=0x414c48, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x19f71c, lpOverlapped=0x0 | out: lpBuffer=0x414c48*, lpNumberOfBytesRead=0x19f71c*=0x4000, lpOverlapped=0x0) returned 1 [0091.689] GetTickCount () returned 0x15503dd [0091.689] WriteFile (in: hFile=0x28, lpBuffer=0x418c48*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x19f770, lpOverlapped=0x0 | out: lpBuffer=0x418c48*, lpNumberOfBytesWritten=0x19f770*=0x4000, lpOverlapped=0x0) returned 1 [0091.690] GetTickCount () returned 0x15503dd [0091.690] ReadFile (in: hFile=0x20c, lpBuffer=0x414c48, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x19f71c, lpOverlapped=0x0 | out: lpBuffer=0x414c48*, lpNumberOfBytesRead=0x19f71c*=0x4000, lpOverlapped=0x0) returned 1 [0091.690] GetTickCount () returned 0x15503dd [0091.690] WriteFile (in: hFile=0x28, lpBuffer=0x418c48*, nNumberOfBytesToWrite=0x3ffd, lpNumberOfBytesWritten=0x19f770, lpOverlapped=0x0 | out: lpBuffer=0x418c48*, lpNumberOfBytesWritten=0x19f770*=0x3ffd, lpOverlapped=0x0) returned 1 [0091.691] GetTickCount () returned 0x15503dd [0091.691] ReadFile (in: hFile=0x20c, lpBuffer=0x414c48, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x19f71c, lpOverlapped=0x0 | out: lpBuffer=0x414c48*, lpNumberOfBytesRead=0x19f71c*=0x4000, lpOverlapped=0x0) returned 1 [0091.691] GetTickCount () returned 0x15503dd [0091.691] WriteFile (in: hFile=0x28, lpBuffer=0x418c48*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x19f770, lpOverlapped=0x0 | out: lpBuffer=0x418c48*, lpNumberOfBytesWritten=0x19f770*=0x4000, lpOverlapped=0x0) returned 1 [0091.693] GetTickCount () returned 0x15503dd [0091.693] ReadFile (in: hFile=0x20c, lpBuffer=0x414c48, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x19f71c, lpOverlapped=0x0 | out: lpBuffer=0x414c48*, lpNumberOfBytesRead=0x19f71c*=0x4000, lpOverlapped=0x0) returned 1 [0091.693] GetTickCount () returned 0x15503ed [0091.693] WriteFile (in: hFile=0x28, lpBuffer=0x418c48*, nNumberOfBytesToWrite=0x3ffd, lpNumberOfBytesWritten=0x19f770, lpOverlapped=0x0 | out: lpBuffer=0x418c48*, lpNumberOfBytesWritten=0x19f770*=0x3ffd, lpOverlapped=0x0) returned 1 [0091.693] GetTickCount () returned 0x15503ed [0091.693] ReadFile (in: hFile=0x20c, lpBuffer=0x414c48, nNumberOfBytesToRead=0xf50, lpNumberOfBytesRead=0x19f71c, lpOverlapped=0x0 | out: lpBuffer=0x414c48*, lpNumberOfBytesRead=0x19f71c*=0xf50, lpOverlapped=0x0) returned 1 [0091.694] GetTickCount () returned 0x15503ed [0091.694] MulDiv (nNumber=266064, nNumerator=100, nDenominator=266064) returned 100 [0091.694] wsprintfA (in: param_1=0x19f72c, param_2="... %d%%" | out: param_1="... 100%") returned 8 [0091.694] WriteFile (in: hFile=0x28, lpBuffer=0x418c48*, nNumberOfBytesToWrite=0xf50, lpNumberOfBytesWritten=0x19f770, lpOverlapped=0x0 | out: lpBuffer=0x418c48*, lpNumberOfBytesWritten=0x19f770*=0xf50, lpOverlapped=0x0) returned 1 [0091.694] SetFileTime (hFile=0x28, lpCreationTime=0x19f928, lpLastAccessTime=0x0, lpLastWriteTime=0x19f928) returned 1 [0091.694] CloseHandle (hObject=0x28) returned 1 [0091.707] lstrcpynA (in: lpString1=0x42dbc0, lpString2="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nss3BF.tmp", iMaxLength=1024 | out: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nss3BF.tmp") returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nss3BF.tmp" [0091.707] lstrlenA (lpString="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nss3BF.tmp") returned 47 [0091.707] lstrcpynA (in: lpString1=0x40a440, lpString2="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nss3BF.tmp", iMaxLength=1024 | out: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nss3BF.tmp") returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nss3BF.tmp" [0091.707] lstrcpynA (in: lpString1=0x40a840, lpString2="", iMaxLength=1024 | out: lpString1="") returned="" [0091.707] lstrcmpiA (lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nss3BF.tmp", lpString2="") returned 1 [0091.707] lstrcpynA (in: lpString1=0x42dbc0, lpString2="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nss3BF.tmp", iMaxLength=1024 | out: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nss3BF.tmp") returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nss3BF.tmp" [0091.707] lstrlenA (lpString="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nss3BF.tmp") returned 47 [0091.707] lstrcpynA (in: lpString1=0x40a840, lpString2="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nss3BF.tmp\\sbolbwplhfo.dll", iMaxLength=1024 | out: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nss3BF.tmp\\sbolbwplhfo.dll") returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nss3BF.tmp\\sbolbwplhfo.dll" [0091.707] lstrcpynA (in: lpString1=0x409c40, lpString2="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nss3BF.tmp\\sbolbwplhfo.dll", iMaxLength=1024 | out: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nss3BF.tmp\\sbolbwplhfo.dll") returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nss3BF.tmp\\sbolbwplhfo.dll" [0091.707] GetFileAttributesA (lpFileName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nss3BF.tmp\\sbolbwplhfo.dll" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\nss3bf.tmp\\sbolbwplhfo.dll")) returned 0xffffffff [0091.708] CreateFileA (lpFileName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nss3BF.tmp\\sbolbwplhfo.dll" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\nss3bf.tmp\\sbolbwplhfo.dll"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x28 [0091.708] SetFilePointer (in: hFile=0x20c, lDistanceToMove=307341, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x4b08d [0091.708] ReadFile (in: hFile=0x20c, lpBuffer=0x19f798, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x19f71c, lpOverlapped=0x0 | out: lpBuffer=0x19f798*, lpNumberOfBytesRead=0x19f71c*=0x4, lpOverlapped=0x0) returned 1 [0091.708] GetTickCount () returned 0x15503ed [0091.708] ReadFile (in: hFile=0x20c, lpBuffer=0x414c48, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x19f71c, lpOverlapped=0x0 | out: lpBuffer=0x414c48*, lpNumberOfBytesRead=0x19f71c*=0x4000, lpOverlapped=0x0) returned 1 [0091.709] GetTickCount () returned 0x15503fc [0091.709] WriteFile (in: hFile=0x28, lpBuffer=0x418c48*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0x19f770, lpOverlapped=0x0 | out: lpBuffer=0x418c48*, lpNumberOfBytesWritten=0x19f770*=0x8000, lpOverlapped=0x0) returned 1 [0091.711] GetTickCount () returned 0x15503fc [0091.711] WriteFile (in: hFile=0x28, lpBuffer=0x418c48*, nNumberOfBytesToWrite=0x2d5e, lpNumberOfBytesWritten=0x19f770, lpOverlapped=0x0 | out: lpBuffer=0x418c48*, lpNumberOfBytesWritten=0x19f770*=0x2d5e, lpOverlapped=0x0) returned 1 [0091.712] GetTickCount () returned 0x15503fc [0091.712] ReadFile (in: hFile=0x20c, lpBuffer=0x414c48, nNumberOfBytesToRead=0x898, lpNumberOfBytesRead=0x19f71c, lpOverlapped=0x0 | out: lpBuffer=0x414c48*, lpNumberOfBytesRead=0x19f71c*=0x898, lpOverlapped=0x0) returned 1 [0091.712] GetTickCount () returned 0x15503fc [0091.712] MulDiv (nNumber=18584, nNumerator=100, nDenominator=18584) returned 100 [0091.712] wsprintfA (in: param_1=0x19f72c, param_2="... %d%%" | out: param_1="... 100%") returned 8 [0091.712] WriteFile (in: hFile=0x28, lpBuffer=0x418c48*, nNumberOfBytesToWrite=0x12a2, lpNumberOfBytesWritten=0x19f770, lpOverlapped=0x0 | out: lpBuffer=0x418c48*, lpNumberOfBytesWritten=0x19f770*=0x12a2, lpOverlapped=0x0) returned 1 [0091.723] CloseHandle (hObject=0x28) returned 1 [0091.725] lstrcpynA (in: lpString1=0x42dbc0, lpString2="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nss3BF.tmp", iMaxLength=1024 | out: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nss3BF.tmp") returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nss3BF.tmp" [0091.725] lstrlenA (lpString="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nss3BF.tmp") returned 47 [0091.725] lstrcpynA (in: lpString1=0x40a040, lpString2="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nss3BF.tmp\\sbolbwplhfo.dll", iMaxLength=1024 | out: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nss3BF.tmp\\sbolbwplhfo.dll") returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nss3BF.tmp\\sbolbwplhfo.dll" [0091.725] lstrcpynA (in: lpString1=0x409c40, lpString2="TclpOwkq", iMaxLength=1024 | out: lpString1="TclpOwkq") returned="TclpOwkq" [0091.725] GetModuleHandleA (lpModuleName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nss3BF.tmp\\sbolbwplhfo.dll") returned 0x0 [0091.727] LoadLibraryExA (lpLibFileName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nss3BF.tmp\\sbolbwplhfo.dll", hFile=0x0, dwFlags=0x8) returned 0x6c460000 [0092.556] GetProcAddress (hModule=0x6c460000, lpProcName="TclpOwkq") returned 0x6c467500 [0092.556] VirtualAlloc (lpAddress=0x0, dwSize=0xbebc200, flAllocationType=0x3000, flProtect=0x4) returned 0x2610000 [0096.969] EnumResourceTypesA (hModule=0x0, lpEnumFunc=0x6c46b070, lParam=0x0) [0096.972] LoadLibraryW (lpLibFileName="Shlwapi.dll") returned 0x76f60000 [0096.973] GetTempPathW (in: nBufferLength=0x103, lpBuffer=0x19f1c4 | out: lpBuffer="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\") returned 0x25 [0096.973] PathAppendW (in: pszPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\", pMore="150qx0uurbj07478t" | out: pszPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\150qx0uurbj07478t") returned 1 [0096.974] CreateFileW (lpFileName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\150qx0uurbj07478t" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\150qx0uurbj07478t"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x25c [0096.987] GetFileSize (in: hFile=0x25c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x45dff [0096.988] VirtualAlloc (lpAddress=0x0, dwSize=0x45dff, flAllocationType=0x3000, flProtect=0x4) returned 0xe4d0000 [0096.989] ReadFile (in: hFile=0x25c, lpBuffer=0xe4d0000, nNumberOfBytesToRead=0x45dff, lpNumberOfBytesRead=0x19f5d4, lpOverlapped=0x0 | out: lpBuffer=0xe4d0000*, lpNumberOfBytesRead=0x19f5d4*=0x45dff, lpOverlapped=0x0) returned 1 [0096.994] CloseHandle (hObject=0x25c) returned 1 [0097.062] LoadLibraryW (lpLibFileName="ntdll.dll") returned 0x77260000 [0097.062] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x19ecc8, nSize=0x103 | out: lpFilename="C:\\Users\\RDhJ0CNFevzX\\Desktop\\9ff6781bac4d77465a973def710d9619cfa7fc6fe16a78225b7e22d3a89d0be0.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\9ff6781bac4d77465a973def710d9619cfa7fc6fe16a78225b7e22d3a89d0be0.exe")) returned 0x62 [0097.063] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x19e544, nSize=0x103 | out: lpFilename="C:\\Users\\RDhJ0CNFevzX\\Desktop\\9ff6781bac4d77465a973def710d9619cfa7fc6fe16a78225b7e22d3a89d0be0.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\9ff6781bac4d77465a973def710d9619cfa7fc6fe16a78225b7e22d3a89d0be0.exe")) returned 0x62 [0097.063] GetCommandLineW () returned="\"C:\\Users\\RDhJ0CNFevzX\\Desktop\\9ff6781bac4d77465a973def710d9619cfa7fc6fe16a78225b7e22d3a89d0be0.exe\" " [0097.063] CreateProcessW (in: lpApplicationName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\9ff6781bac4d77465a973def710d9619cfa7fc6fe16a78225b7e22d3a89d0be0.exe", lpCommandLine="\"C:\\Users\\RDhJ0CNFevzX\\Desktop\\9ff6781bac4d77465a973def710d9619cfa7fc6fe16a78225b7e22d3a89d0be0.exe\" ", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x8000004, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x19ec20*(cb=0x0, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x19ec84 | out: lpCommandLine="\"C:\\Users\\RDhJ0CNFevzX\\Desktop\\9ff6781bac4d77465a973def710d9619cfa7fc6fe16a78225b7e22d3a89d0be0.exe\" ", lpProcessInformation=0x19ec84*(hProcess=0x260, hThread=0x25c, dwProcessId=0x870, dwThreadId=0x60)) returned 1 [0097.112] GetThreadContext (in: hThread=0x25c, lpContext=0x19e954 | out: lpContext=0x19e954*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x1, [5]=0x0, [6]=0x1a, [7]=0x0, [8]=0xb0, [9]=0xea, [10]=0x19, [11]=0x0, [12]=0x14, [13]=0x17, [14]=0x1a, [15]=0x0, [16]=0x8, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x4, [21]=0xea, [22]=0x1, [23]=0x1, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x25, [41]=0x2, [42]=0x0, [43]=0xc0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x28, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x44, [57]=0xeb, [58]=0x19, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0xee, [65]=0xc2, [66]=0x2d, [67]=0x77, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x88, [73]=0x2e, [74]=0x45, [75]=0x0, [76]=0xfc, [77]=0xe9, [78]=0x19, [79]=0x0), FloatSave.Cr0NpxState=0x452ec4, SegGs=0x2b, SegFs=0x53, SegEs=0x2b, SegDs=0x2b, Edi=0x0, Esi=0x0, Ebx=0x20b000, Edx=0x0, Ecx=0x0, Eax=0x40312a, Ebp=0x0, Eip=0x772d8fe0, SegCs=0x23, EFlags=0x202, Esp=0x19fff0, SegSs=0x2b, ExtendedRegisters=([0]=0x8, [1]=0xec, [2]=0x19, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x25, [9]=0x2, [10]=0x0, [11]=0xc0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x48, [17]=0xea, [18]=0x19, [19]=0x0, [20]=0x2b, [21]=0xba, [22]=0x29, [23]=0x77, [24]=0xd0, [25]=0xea, [26]=0x19, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x9, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x98, [41]=0xea, [42]=0x19, [43]=0x0, [44]=0x33, [45]=0xb8, [46]=0x29, [47]=0x77, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x59, [53]=0xb8, [54]=0x29, [55]=0x77, [56]=0x54, [57]=0x85, [58]=0xa2, [59]=0xba, [60]=0x10, [61]=0xec, [62]=0x19, [63]=0x0, [64]=0xa0, [65]=0xec, [66]=0x19, [67]=0x0, [68]=0x8, [69]=0xec, [70]=0x19, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0xac, [77]=0xeb, [78]=0x19, [79]=0x0, [80]=0xd0, [81]=0xea, [82]=0x19, [83]=0x0, [84]=0x10, [85]=0xec, [86]=0x19, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x58, [97]=0xea, [98]=0x19, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x1c, [105]=0xf7, [106]=0x19, [107]=0x0, [108]=0x30, [109]=0xee, [110]=0x2d, [111]=0x77, [112]=0xe4, [113]=0x4e, [114]=0x8e, [115]=0xcd, [116]=0xfe, [117]=0xff, [118]=0xff, [119]=0xff, [120]=0x59, [121]=0xb8, [122]=0x29, [123]=0x77, [124]=0x9e, [125]=0x1, [126]=0x2a, [127]=0x77, [128]=0x20, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x4, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x8, [145]=0xec, [146]=0x19, [147]=0x0, [148]=0xcc, [149]=0xea, [150]=0x19, [151]=0x0, [152]=0x1, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0xa0, [157]=0xec, [158]=0x19, [159]=0x0, [160]=0xc0, [161]=0x1, [162]=0x2a, [163]=0x77, [164]=0x84, [165]=0xeb, [166]=0x19, [167]=0x0, [168]=0x20, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x12, [177]=0x0, [178]=0x0, [179]=0x1, [180]=0xd8, [181]=0xea, [182]=0x19, [183]=0x0, [184]=0x6e, [185]=0x0, [186]=0x74, [187]=0x0, [188]=0x64, [189]=0x0, [190]=0x6c, [191]=0x0, [192]=0x6c, [193]=0x0, [194]=0x2e, [195]=0x0, [196]=0x64, [197]=0x0, [198]=0x6c, [199]=0x0, [200]=0x6c, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x3, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x40, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0xdc, [273]=0xeb, [274]=0x19, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x16, [281]=0x0, [282]=0x18, [283]=0x0, [284]=0x24, [285]=0xf6, [286]=0x19, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0xd8, [293]=0xeb, [294]=0x19, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0xfc, [305]=0xeb, [306]=0x19, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x10, [313]=0x0, [314]=0x8, [315]=0x2, [316]=0xe8, [317]=0xf1, [318]=0x19, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x2, [323]=0x0, [324]=0x78, [325]=0xeb, [326]=0x19, [327]=0x0, [328]=0x78, [329]=0xeb, [330]=0x19, [331]=0x0, [332]=0x78, [333]=0xeb, [334]=0x19, [335]=0x0, [336]=0x2, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x2, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x48, [349]=0x84, [350]=0xa2, [351]=0xba, [352]=0xfc, [353]=0xec, [354]=0x19, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0xb5, [361]=0x93, [362]=0x29, [363]=0x77, [364]=0x24, [365]=0xec, [366]=0x19, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x2c, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x98, [377]=0xf1, [378]=0x19, [379]=0x0, [380]=0x24, [381]=0xf6, [382]=0x19, [383]=0x0, [384]=0x30, [385]=0x94, [386]=0x29, [387]=0x77, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0xb5, [393]=0x93, [394]=0x0, [395]=0x1, [396]=0x16, [397]=0x0, [398]=0x18, [399]=0x0, [400]=0x24, [401]=0xf6, [402]=0x19, [403]=0x0, [404]=0x2c, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x19, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x1, [428]=0x60, [429]=0xf1, [430]=0x19, [431]=0x0, [432]=0x9c, [433]=0xb7, [434]=0x29, [435]=0x77, [436]=0x10, [437]=0xec, [438]=0x19, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x8, [445]=0x85, [446]=0xa2, [447]=0xba, [448]=0x1, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x68, [453]=0xec, [454]=0x19, [455]=0x0, [456]=0x1, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0xcd, [469]=0x35, [470]=0x2a, [471]=0x77, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x9, [481]=0x36, [482]=0x2a, [483]=0x77, [484]=0x90, [485]=0xec, [486]=0x19, [487]=0x0, [488]=0x88, [489]=0x2e, [490]=0x45, [491]=0x0, [492]=0x94, [493]=0xec, [494]=0x19, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x60, [509]=0xf1, [510]=0x19, [511]=0x0))) returned 1 [0097.118] ReadProcessMemory (in: hProcess=0x260, lpBaseAddress=0x20b008, lpBuffer=0x19ec98, nSize=0x4, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x19ec98*, lpNumberOfBytesRead=0x0) returned 1 [0097.118] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x19e50c | out: Wow64Process=0x19e50c*=1) returned 1 [0097.118] lstrlenW (lpString="9ff6781bac4d77465a973def710d9619cfa7fc6fe16a78225b7e22d3a89d0be0.exe") returned 68 [0097.119] lstrlenW (lpString="ntdll.dll") returned 9 [0097.119] lstrlenW (lpString="ntdll.dll") returned 9 [0097.119] lstrlenW (lpString="ntdll.dll") returned 9 [0097.119] lstrlenW (lpString="ntdll.dll") returned 9 [0097.119] lstrlenW (lpString="tdll.dll") returned 8 [0097.119] lstrlenW (lpString="dll.dll") returned 7 [0097.119] lstrlenW (lpString="ll.dll") returned 6 [0097.119] lstrlenW (lpString="l.dll") returned 5 [0097.119] lstrlenW (lpString=".dll") returned 4 [0097.119] CreateFileW (lpFileName="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x268 [0097.119] GetFileSize (in: hFile=0x268, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x1784a0 [0097.119] VirtualAlloc (lpAddress=0x0, dwSize=0x1784a0, flAllocationType=0x3000, flProtect=0x4) returned 0xe520000 [0097.121] ReadFile (in: hFile=0x268, lpBuffer=0xe520000, nNumberOfBytesToRead=0x1784a0, lpNumberOfBytesRead=0x19e4e0, lpOverlapped=0x0 | out: lpBuffer=0xe520000*, lpNumberOfBytesRead=0x19e4e0*=0x1784a0, lpOverlapped=0x0) returned 1 [0097.174] VirtualAlloc (lpAddress=0x0, dwSize=0x17b000, flAllocationType=0x3000, flProtect=0x4) returned 0xe6a0000 [0097.207] CloseHandle (hObject=0x268) returned 1 [0097.208] VirtualFree (lpAddress=0xe520000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0097.223] VirtualFree (lpAddress=0xe6a0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0097.233] NtUnmapViewOfSection (ProcessHandle=0x260, BaseAddress=0x400000) returned 0x0 [0097.245] VirtualAllocEx (hProcess=0x260, lpAddress=0x400000, dwSize=0x4a000, flAllocationType=0x3000, flProtect=0x40) returned 0x400000 [0097.256] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x19e4dc | out: Wow64Process=0x19e4dc*=1) returned 1 [0097.256] lstrlenW (lpString="9ff6781bac4d77465a973def710d9619cfa7fc6fe16a78225b7e22d3a89d0be0.exe") returned 68 [0097.256] lstrlenW (lpString="ntdll.dll") returned 9 [0097.257] lstrlenW (lpString="ntdll.dll") returned 9 [0097.257] lstrlenW (lpString="ntdll.dll") returned 9 [0097.257] lstrlenW (lpString="ntdll.dll") returned 9 [0097.257] lstrlenW (lpString="tdll.dll") returned 8 [0097.257] lstrlenW (lpString="dll.dll") returned 7 [0097.257] lstrlenW (lpString="ll.dll") returned 6 [0097.257] lstrlenW (lpString="l.dll") returned 5 [0097.257] lstrlenW (lpString=".dll") returned 4 [0097.257] CreateFileW (lpFileName="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x268 [0097.257] GetFileSize (in: hFile=0x268, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x1784a0 [0097.257] VirtualAlloc (lpAddress=0x0, dwSize=0x1784a0, flAllocationType=0x3000, flProtect=0x4) returned 0xe520000 [0097.258] ReadFile (in: hFile=0x268, lpBuffer=0xe520000, nNumberOfBytesToRead=0x1784a0, lpNumberOfBytesRead=0x19e4b0, lpOverlapped=0x0 | out: lpBuffer=0xe520000*, lpNumberOfBytesRead=0x19e4b0*=0x1784a0, lpOverlapped=0x0) returned 1 [0097.294] VirtualAlloc (lpAddress=0x0, dwSize=0x17b000, flAllocationType=0x3000, flProtect=0x4) returned 0xe6a0000 [0097.330] CloseHandle (hObject=0x268) returned 1 [0097.330] VirtualFree (lpAddress=0xe520000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0097.340] VirtualFree (lpAddress=0xe6a0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0097.364] NtWriteVirtualMemory (in: ProcessHandle=0x260, BaseAddress=0x400000, Buffer=0xe4d0000*, NumberOfBytesToWrite=0x400, NumberOfBytesWritten=0x19e510 | out: Buffer=0xe4d0000*, NumberOfBytesWritten=0x19e510*=0x400) returned 0x0 [0097.610] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x19e4dc | out: Wow64Process=0x19e4dc*=1) returned 1 [0097.610] lstrlenW (lpString="9ff6781bac4d77465a973def710d9619cfa7fc6fe16a78225b7e22d3a89d0be0.exe") returned 68 [0097.610] lstrlenW (lpString="ntdll.dll") returned 9 [0097.610] lstrlenW (lpString="ntdll.dll") returned 9 [0097.610] lstrlenW (lpString="ntdll.dll") returned 9 [0097.610] lstrlenW (lpString="ntdll.dll") returned 9 [0097.610] lstrlenW (lpString="tdll.dll") returned 8 [0097.610] lstrlenW (lpString="dll.dll") returned 7 [0097.610] lstrlenW (lpString="ll.dll") returned 6 [0097.610] lstrlenW (lpString="l.dll") returned 5 [0097.610] lstrlenW (lpString=".dll") returned 4 [0097.611] CreateFileW (lpFileName="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x268 [0097.611] GetFileSize (in: hFile=0x268, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x1784a0 [0097.611] VirtualAlloc (lpAddress=0x0, dwSize=0x1784a0, flAllocationType=0x3000, flProtect=0x4) returned 0xe520000 [0097.612] ReadFile (in: hFile=0x268, lpBuffer=0xe520000, nNumberOfBytesToRead=0x1784a0, lpNumberOfBytesRead=0x19e4b0, lpOverlapped=0x0 | out: lpBuffer=0xe520000*, lpNumberOfBytesRead=0x19e4b0*=0x1784a0, lpOverlapped=0x0) returned 1 [0097.631] VirtualAlloc (lpAddress=0x0, dwSize=0x17b000, flAllocationType=0x3000, flProtect=0x4) returned 0xe6a0000 [0097.675] CloseHandle (hObject=0x268) returned 1 [0097.675] VirtualFree (lpAddress=0xe520000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0097.683] VirtualFree (lpAddress=0xe6a0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0097.701] NtWriteVirtualMemory (in: ProcessHandle=0x260, BaseAddress=0x401000, Buffer=0xe4d0400*, NumberOfBytesToWrite=0xac00, NumberOfBytesWritten=0x19e510 | out: Buffer=0xe4d0400*, NumberOfBytesWritten=0x19e510*=0xac00) returned 0x0 [0097.732] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x19e4dc | out: Wow64Process=0x19e4dc*=1) returned 1 [0097.732] lstrlenW (lpString="9ff6781bac4d77465a973def710d9619cfa7fc6fe16a78225b7e22d3a89d0be0.exe") returned 68 [0097.732] lstrlenW (lpString="ntdll.dll") returned 9 [0097.732] lstrlenW (lpString="ntdll.dll") returned 9 [0097.732] lstrlenW (lpString="ntdll.dll") returned 9 [0097.732] lstrlenW (lpString="ntdll.dll") returned 9 [0097.732] lstrlenW (lpString="tdll.dll") returned 8 [0097.732] lstrlenW (lpString="dll.dll") returned 7 [0097.732] lstrlenW (lpString="ll.dll") returned 6 [0097.732] lstrlenW (lpString="l.dll") returned 5 [0097.732] lstrlenW (lpString=".dll") returned 4 [0097.732] CreateFileW (lpFileName="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x268 [0097.733] GetFileSize (in: hFile=0x268, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x1784a0 [0097.733] VirtualAlloc (lpAddress=0x0, dwSize=0x1784a0, flAllocationType=0x3000, flProtect=0x4) returned 0xe520000 [0097.733] ReadFile (in: hFile=0x268, lpBuffer=0xe520000, nNumberOfBytesToRead=0x1784a0, lpNumberOfBytesRead=0x19e4b0, lpOverlapped=0x0 | out: lpBuffer=0xe520000*, lpNumberOfBytesRead=0x19e4b0*=0x1784a0, lpOverlapped=0x0) returned 1 [0097.757] VirtualAlloc (lpAddress=0x0, dwSize=0x17b000, flAllocationType=0x3000, flProtect=0x4) returned 0xe6a0000 [0097.790] CloseHandle (hObject=0x268) returned 1 [0097.791] VirtualFree (lpAddress=0xe520000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0097.803] VirtualFree (lpAddress=0xe6a0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0097.811] NtWriteVirtualMemory (in: ProcessHandle=0x260, BaseAddress=0x40c000, Buffer=0xe4db000*, NumberOfBytesToWrite=0x5a00, NumberOfBytesWritten=0x19e510 | out: Buffer=0xe4db000*, NumberOfBytesWritten=0x19e510*=0x5a00) returned 0x0 [0097.836] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x19e4dc | out: Wow64Process=0x19e4dc*=1) returned 1 [0097.837] lstrlenW (lpString="9ff6781bac4d77465a973def710d9619cfa7fc6fe16a78225b7e22d3a89d0be0.exe") returned 68 [0097.837] lstrlenW (lpString="ntdll.dll") returned 9 [0097.837] lstrlenW (lpString="ntdll.dll") returned 9 [0097.837] lstrlenW (lpString="ntdll.dll") returned 9 [0097.837] lstrlenW (lpString="ntdll.dll") returned 9 [0097.837] lstrlenW (lpString="tdll.dll") returned 8 [0097.837] lstrlenW (lpString="dll.dll") returned 7 [0097.837] lstrlenW (lpString="ll.dll") returned 6 [0097.837] lstrlenW (lpString="l.dll") returned 5 [0097.837] lstrlenW (lpString=".dll") returned 4 [0097.837] CreateFileW (lpFileName="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x268 [0097.838] GetFileSize (in: hFile=0x268, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x1784a0 [0097.838] VirtualAlloc (lpAddress=0x0, dwSize=0x1784a0, flAllocationType=0x3000, flProtect=0x4) returned 0xe520000 [0097.839] ReadFile (in: hFile=0x268, lpBuffer=0xe520000, nNumberOfBytesToRead=0x1784a0, lpNumberOfBytesRead=0x19e4b0, lpOverlapped=0x0 | out: lpBuffer=0xe520000*, lpNumberOfBytesRead=0x19e4b0*=0x1784a0, lpOverlapped=0x0) returned 1 [0097.873] VirtualAlloc (lpAddress=0x0, dwSize=0x17b000, flAllocationType=0x3000, flProtect=0x4) returned 0xe6a0000 [0097.911] CloseHandle (hObject=0x268) returned 1 [0097.911] VirtualFree (lpAddress=0xe520000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0097.919] VirtualFree (lpAddress=0xe6a0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0097.927] NtWriteVirtualMemory (in: ProcessHandle=0x260, BaseAddress=0x412000, Buffer=0xe4e0a00*, NumberOfBytesToWrite=0x800, NumberOfBytesWritten=0x19e510 | out: Buffer=0xe4e0a00*, NumberOfBytesWritten=0x19e510*=0x800) returned 0x0 [0097.937] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x19e4dc | out: Wow64Process=0x19e4dc*=1) returned 1 [0097.937] lstrlenW (lpString="9ff6781bac4d77465a973def710d9619cfa7fc6fe16a78225b7e22d3a89d0be0.exe") returned 68 [0097.937] lstrlenW (lpString="ntdll.dll") returned 9 [0097.937] lstrlenW (lpString="ntdll.dll") returned 9 [0097.937] lstrlenW (lpString="ntdll.dll") returned 9 [0097.937] lstrlenW (lpString="ntdll.dll") returned 9 [0097.937] lstrlenW (lpString="tdll.dll") returned 8 [0097.937] lstrlenW (lpString="dll.dll") returned 7 [0097.937] lstrlenW (lpString="ll.dll") returned 6 [0097.938] lstrlenW (lpString="l.dll") returned 5 [0097.938] lstrlenW (lpString=".dll") returned 4 [0097.938] CreateFileW (lpFileName="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x268 [0097.938] GetFileSize (in: hFile=0x268, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x1784a0 [0097.939] VirtualAlloc (lpAddress=0x0, dwSize=0x1784a0, flAllocationType=0x3000, flProtect=0x4) returned 0xe520000 [0097.940] ReadFile (in: hFile=0x268, lpBuffer=0xe520000, nNumberOfBytesToRead=0x1784a0, lpNumberOfBytesRead=0x19e4b0, lpOverlapped=0x0 | out: lpBuffer=0xe520000*, lpNumberOfBytesRead=0x19e4b0*=0x1784a0, lpOverlapped=0x0) returned 1 [0097.968] VirtualAlloc (lpAddress=0x0, dwSize=0x17b000, flAllocationType=0x3000, flProtect=0x4) returned 0xe6a0000 [0098.003] CloseHandle (hObject=0x268) returned 1 [0098.003] VirtualFree (lpAddress=0xe520000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0098.010] VirtualFree (lpAddress=0xe6a0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0098.017] NtWriteVirtualMemory (in: ProcessHandle=0x260, BaseAddress=0x414000, Buffer=0xe4e1200*, NumberOfBytesToWrite=0x200, NumberOfBytesWritten=0x19e510 | out: Buffer=0xe4e1200*, NumberOfBytesWritten=0x19e510*=0x200) returned 0x0 [0098.420] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x19e4dc | out: Wow64Process=0x19e4dc*=1) returned 1 [0098.420] lstrlenW (lpString="9ff6781bac4d77465a973def710d9619cfa7fc6fe16a78225b7e22d3a89d0be0.exe") returned 68 [0098.420] lstrlenW (lpString="ntdll.dll") returned 9 [0098.421] lstrlenW (lpString="ntdll.dll") returned 9 [0098.421] lstrlenW (lpString="ntdll.dll") returned 9 [0098.421] lstrlenW (lpString="ntdll.dll") returned 9 [0098.421] lstrlenW (lpString="tdll.dll") returned 8 [0098.421] lstrlenW (lpString="dll.dll") returned 7 [0098.421] lstrlenW (lpString="ll.dll") returned 6 [0098.421] lstrlenW (lpString="l.dll") returned 5 [0098.421] lstrlenW (lpString=".dll") returned 4 [0098.421] CreateFileW (lpFileName="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x268 [0098.421] GetFileSize (in: hFile=0x268, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x1784a0 [0098.421] VirtualAlloc (lpAddress=0x0, dwSize=0x1784a0, flAllocationType=0x3000, flProtect=0x4) returned 0xe520000 [0098.422] ReadFile (in: hFile=0x268, lpBuffer=0xe520000, nNumberOfBytesToRead=0x1784a0, lpNumberOfBytesRead=0x19e4b0, lpOverlapped=0x0 | out: lpBuffer=0xe520000*, lpNumberOfBytesRead=0x19e4b0*=0x1784a0, lpOverlapped=0x0) returned 1 [0098.448] VirtualAlloc (lpAddress=0x0, dwSize=0x17b000, flAllocationType=0x3000, flProtect=0x4) returned 0xe6a0000 [0098.483] CloseHandle (hObject=0x268) returned 1 [0098.484] VirtualFree (lpAddress=0xe520000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0098.494] VirtualFree (lpAddress=0xe6a0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0098.506] NtWriteVirtualMemory (in: ProcessHandle=0x260, BaseAddress=0x415000, Buffer=0xe4e1400*, NumberOfBytesToWrite=0x34a00, NumberOfBytesWritten=0x19e510 | out: Buffer=0xe4e1400*, NumberOfBytesWritten=0x19e510*=0x34a00) returned 0x0 [0098.691] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x19e4dc | out: Wow64Process=0x19e4dc*=1) returned 1 [0098.691] lstrlenW (lpString="9ff6781bac4d77465a973def710d9619cfa7fc6fe16a78225b7e22d3a89d0be0.exe") returned 68 [0098.691] lstrlenW (lpString="ntdll.dll") returned 9 [0098.691] lstrlenW (lpString="ntdll.dll") returned 9 [0098.691] lstrlenW (lpString="ntdll.dll") returned 9 [0098.691] lstrlenW (lpString="ntdll.dll") returned 9 [0098.691] lstrlenW (lpString="tdll.dll") returned 8 [0098.691] lstrlenW (lpString="dll.dll") returned 7 [0098.691] lstrlenW (lpString="ll.dll") returned 6 [0098.691] lstrlenW (lpString="l.dll") returned 5 [0098.691] lstrlenW (lpString=".dll") returned 4 [0098.691] CreateFileW (lpFileName="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x268 [0098.694] GetFileSize (in: hFile=0x268, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x1784a0 [0098.695] VirtualAlloc (lpAddress=0x0, dwSize=0x1784a0, flAllocationType=0x3000, flProtect=0x4) returned 0xe520000 [0098.695] ReadFile (in: hFile=0x268, lpBuffer=0xe520000, nNumberOfBytesToRead=0x1784a0, lpNumberOfBytesRead=0x19e4b0, lpOverlapped=0x0 | out: lpBuffer=0xe520000*, lpNumberOfBytesRead=0x19e4b0*=0x1784a0, lpOverlapped=0x0) returned 1 [0098.718] VirtualAlloc (lpAddress=0x0, dwSize=0x17b000, flAllocationType=0x3000, flProtect=0x4) returned 0xe6a0000 [0098.757] CloseHandle (hObject=0x268) returned 1 [0098.757] VirtualFree (lpAddress=0xe520000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0098.776] VirtualFree (lpAddress=0xe6a0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0098.784] NtWriteVirtualMemory (in: ProcessHandle=0x260, BaseAddress=0x20b008, Buffer=0x19ecac*, NumberOfBytesToWrite=0x4, NumberOfBytesWritten=0x19e510 | out: Buffer=0x19ecac*, NumberOfBytesWritten=0x19e510*=0x4) returned 0x0 [0098.797] SetThreadContext (hThread=0x25c, lpContext=0x19e954*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x1, [5]=0x0, [6]=0x1a, [7]=0x0, [8]=0xb0, [9]=0xea, [10]=0x19, [11]=0x0, [12]=0x14, [13]=0x17, [14]=0x1a, [15]=0x0, [16]=0x8, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x4, [21]=0xea, [22]=0x1, [23]=0x1, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x25, [41]=0x2, [42]=0x0, [43]=0xc0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x28, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x44, [57]=0xeb, [58]=0x19, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0xee, [65]=0xc2, [66]=0x2d, [67]=0x77, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x88, [73]=0x2e, [74]=0x45, [75]=0x0, [76]=0xfc, [77]=0xe9, [78]=0x19, [79]=0x0), FloatSave.Cr0NpxState=0x452ec4, SegGs=0x2b, SegFs=0x53, SegEs=0x2b, SegDs=0x2b, Edi=0x0, Esi=0x0, Ebx=0x20b000, Edx=0x0, Ecx=0x0, Eax=0x40188b, Ebp=0x0, Eip=0x772d8fe0, SegCs=0x23, EFlags=0x202, Esp=0x19fff0, SegSs=0x2b, ExtendedRegisters=([0]=0x8, [1]=0xec, [2]=0x19, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x25, [9]=0x2, [10]=0x0, [11]=0xc0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x48, [17]=0xea, [18]=0x19, [19]=0x0, [20]=0x2b, [21]=0xba, [22]=0x29, [23]=0x77, [24]=0xd0, [25]=0xea, [26]=0x19, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x9, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x98, [41]=0xea, [42]=0x19, [43]=0x0, [44]=0x33, [45]=0xb8, [46]=0x29, [47]=0x77, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x59, [53]=0xb8, [54]=0x29, [55]=0x77, [56]=0x54, [57]=0x85, [58]=0xa2, [59]=0xba, [60]=0x10, [61]=0xec, [62]=0x19, [63]=0x0, [64]=0xa0, [65]=0xec, [66]=0x19, [67]=0x0, [68]=0x8, [69]=0xec, [70]=0x19, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0xac, [77]=0xeb, [78]=0x19, [79]=0x0, [80]=0xd0, [81]=0xea, [82]=0x19, [83]=0x0, [84]=0x10, [85]=0xec, [86]=0x19, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x58, [97]=0xea, [98]=0x19, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x1c, [105]=0xf7, [106]=0x19, [107]=0x0, [108]=0x30, [109]=0xee, [110]=0x2d, [111]=0x77, [112]=0xe4, [113]=0x4e, [114]=0x8e, [115]=0xcd, [116]=0xfe, [117]=0xff, [118]=0xff, [119]=0xff, [120]=0x59, [121]=0xb8, [122]=0x29, [123]=0x77, [124]=0x9e, [125]=0x1, [126]=0x2a, [127]=0x77, [128]=0x20, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x4, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x8, [145]=0xec, [146]=0x19, [147]=0x0, [148]=0xcc, [149]=0xea, [150]=0x19, [151]=0x0, [152]=0x1, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0xa0, [157]=0xec, [158]=0x19, [159]=0x0, [160]=0xc0, [161]=0x1, [162]=0x2a, [163]=0x77, [164]=0x84, [165]=0xeb, [166]=0x19, [167]=0x0, [168]=0x20, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x12, [177]=0x0, [178]=0x0, [179]=0x1, [180]=0xd8, [181]=0xea, [182]=0x19, [183]=0x0, [184]=0x6e, [185]=0x0, [186]=0x74, [187]=0x0, [188]=0x64, [189]=0x0, [190]=0x6c, [191]=0x0, [192]=0x6c, [193]=0x0, [194]=0x2e, [195]=0x0, [196]=0x64, [197]=0x0, [198]=0x6c, [199]=0x0, [200]=0x6c, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x3, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x40, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0xdc, [273]=0xeb, [274]=0x19, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x16, [281]=0x0, [282]=0x18, [283]=0x0, [284]=0x24, [285]=0xf6, [286]=0x19, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0xd8, [293]=0xeb, [294]=0x19, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0xfc, [305]=0xeb, [306]=0x19, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x10, [313]=0x0, [314]=0x8, [315]=0x2, [316]=0xe8, [317]=0xf1, [318]=0x19, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x2, [323]=0x0, [324]=0x78, [325]=0xeb, [326]=0x19, [327]=0x0, [328]=0x78, [329]=0xeb, [330]=0x19, [331]=0x0, [332]=0x78, [333]=0xeb, [334]=0x19, [335]=0x0, [336]=0x2, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x2, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x48, [349]=0x84, [350]=0xa2, [351]=0xba, [352]=0xfc, [353]=0xec, [354]=0x19, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0xb5, [361]=0x93, [362]=0x29, [363]=0x77, [364]=0x24, [365]=0xec, [366]=0x19, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x2c, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x98, [377]=0xf1, [378]=0x19, [379]=0x0, [380]=0x24, [381]=0xf6, [382]=0x19, [383]=0x0, [384]=0x30, [385]=0x94, [386]=0x29, [387]=0x77, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0xb5, [393]=0x93, [394]=0x0, [395]=0x1, [396]=0x16, [397]=0x0, [398]=0x18, [399]=0x0, [400]=0x24, [401]=0xf6, [402]=0x19, [403]=0x0, [404]=0x2c, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x19, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x1, [428]=0x60, [429]=0xf1, [430]=0x19, [431]=0x0, [432]=0x9c, [433]=0xb7, [434]=0x29, [435]=0x77, [436]=0x10, [437]=0xec, [438]=0x19, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x8, [445]=0x85, [446]=0xa2, [447]=0xba, [448]=0x1, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x68, [453]=0xec, [454]=0x19, [455]=0x0, [456]=0x1, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0xcd, [469]=0x35, [470]=0x2a, [471]=0x77, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x9, [481]=0x36, [482]=0x2a, [483]=0x77, [484]=0x90, [485]=0xec, [486]=0x19, [487]=0x0, [488]=0x88, [489]=0x2e, [490]=0x45, [491]=0x0, [492]=0x94, [493]=0xec, [494]=0x19, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x60, [509]=0xf1, [510]=0x19, [511]=0x0))) returned 1 [0098.863] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x19e504 | out: Wow64Process=0x19e504*=1) returned 1 [0098.863] lstrlenW (lpString="9ff6781bac4d77465a973def710d9619cfa7fc6fe16a78225b7e22d3a89d0be0.exe") returned 68 [0098.863] lstrlenW (lpString="ntdll.dll") returned 9 [0098.863] lstrlenW (lpString="ntdll.dll") returned 9 [0098.863] lstrlenW (lpString="ntdll.dll") returned 9 [0098.863] lstrlenW (lpString="ntdll.dll") returned 9 [0098.863] lstrlenW (lpString="tdll.dll") returned 8 [0098.863] lstrlenW (lpString="dll.dll") returned 7 [0098.863] lstrlenW (lpString="ll.dll") returned 6 [0098.863] lstrlenW (lpString="l.dll") returned 5 [0098.863] lstrlenW (lpString=".dll") returned 4 [0098.863] CreateFileW (lpFileName="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x268 [0098.864] GetFileSize (in: hFile=0x268, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x1784a0 [0098.864] VirtualAlloc (lpAddress=0x0, dwSize=0x1784a0, flAllocationType=0x3000, flProtect=0x4) returned 0xe520000 [0098.864] ReadFile (in: hFile=0x268, lpBuffer=0xe520000, nNumberOfBytesToRead=0x1784a0, lpNumberOfBytesRead=0x19e4d8, lpOverlapped=0x0 | out: lpBuffer=0xe520000*, lpNumberOfBytesRead=0x19e4d8*=0x1784a0, lpOverlapped=0x0) returned 1 [0098.882] VirtualAlloc (lpAddress=0x0, dwSize=0x17b000, flAllocationType=0x3000, flProtect=0x4) returned 0xe6a0000 [0098.935] CloseHandle (hObject=0x268) returned 1 [0098.936] VirtualFree (lpAddress=0xe520000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0098.949] VirtualFree (lpAddress=0xe6a0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0098.958] NtResumeThread (in: ThreadHandle=0x25c, SuspendCount=0x19e520 | out: SuspendCount=0x19e520*=0x1) returned 0x0 [0099.031] ExitProcess (uExitCode=0x0) Thread: id = 2 os_tid = 0x6f8 Thread: id = 3 os_tid = 0xa28 Thread: id = 4 os_tid = 0xa40 Process: id = "2" image_name = "9ff6781bac4d77465a973def710d9619cfa7fc6fe16a78225b7e22d3a89d0be0.exe" filename = "c:\\users\\rdhj0cnfevzx\\desktop\\9ff6781bac4d77465a973def710d9619cfa7fc6fe16a78225b7e22d3a89d0be0.exe" page_root = "0x20c1b000" os_pid = "0x870" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "1" os_parent_pid = "0x4d0" cmd_line = "\"C:\\Users\\RDhJ0CNFevzX\\Desktop\\9ff6781bac4d77465a973def710d9619cfa7fc6fe16a78225b7e22d3a89d0be0.exe\" " cur_dir = "C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\" os_username = "XC64ZB\\RDhJ0CNFevzX" bitness = "32" os_groups = "XC64ZB\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000fd44" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 365 start_va = 0x10000 end_va = 0x2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 366 start_va = 0x30000 end_va = 0x31fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 367 start_va = 0x40000 end_va = 0x54fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 368 start_va = 0x60000 end_va = 0x9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000060000" filename = "" Region: id = 369 start_va = 0xa0000 end_va = 0x19ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000a0000" filename = "" Region: id = 370 start_va = 0x1a0000 end_va = 0x1a3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001a0000" filename = "" Region: id = 371 start_va = 0x1b0000 end_va = 0x1b0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001b0000" filename = "" Region: id = 372 start_va = 0x1c0000 end_va = 0x1c1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 373 start_va = 0x200000 end_va = 0x3fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000200000" filename = "" Region: id = 374 start_va = 0x400000 end_va = 0x437fff monitored = 1 entry_point = 0x40312a region_type = mapped_file name = "9ff6781bac4d77465a973def710d9619cfa7fc6fe16a78225b7e22d3a89d0be0.exe" filename = "\\Users\\RDhJ0CNFevzX\\Desktop\\9ff6781bac4d77465a973def710d9619cfa7fc6fe16a78225b7e22d3a89d0be0.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\9ff6781bac4d77465a973def710d9619cfa7fc6fe16a78225b7e22d3a89d0be0.exe") Region: id = 375 start_va = 0x77260000 end_va = 0x773dafff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 376 start_va = 0x7ffb0000 end_va = 0x7ffd2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ffb0000" filename = "" Region: id = 377 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 378 start_va = 0x7fff0000 end_va = 0x7ffc5f80ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 379 start_va = 0x7ffc5f810000 end_va = 0x7ffc5f9d0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 380 start_va = 0x7ffc5f9d1000 end_va = 0x7ffffffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ffc5f9d1000" filename = "" Region: id = 383 start_va = 0x400000 end_va = 0x449fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 400 start_va = 0x4f0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 401 start_va = 0x62ee0000 end_va = 0x62f2ffff monitored = 0 entry_point = 0x62ef8180 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 402 start_va = 0x62f30000 end_va = 0x62fa9fff monitored = 0 entry_point = 0x62f43290 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 403 start_va = 0x74530000 end_va = 0x7460ffff monitored = 0 entry_point = 0x74543980 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 404 start_va = 0x62fb0000 end_va = 0x62fb7fff monitored = 0 entry_point = 0x62fb17c0 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 405 start_va = 0x500000 end_va = 0x64ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000500000" filename = "" Region: id = 406 start_va = 0x74530000 end_va = 0x7460ffff monitored = 0 entry_point = 0x74543980 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 407 start_va = 0x76c20000 end_va = 0x76d9dfff monitored = 0 entry_point = 0x76cd1b90 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 408 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 409 start_va = 0x7feb0000 end_va = 0x7ffaffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007feb0000" filename = "" Region: id = 410 start_va = 0x650000 end_va = 0x70dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 411 start_va = 0x74a90000 end_va = 0x75e8efff monitored = 0 entry_point = 0x74c4b990 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\SysWOW64\\shell32.dll" (normalized: "c:\\windows\\syswow64\\shell32.dll") Region: id = 412 start_va = 0x74290000 end_va = 0x7434dfff monitored = 0 entry_point = 0x742c5630 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 413 start_va = 0x450000 end_va = 0x48ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000450000" filename = "" Region: id = 414 start_va = 0x710000 end_va = 0x80ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000710000" filename = "" Region: id = 415 start_va = 0x76fb0000 end_va = 0x76fe6fff monitored = 0 entry_point = 0x76fb3b50 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\SysWOW64\\cfgmgr32.dll" (normalized: "c:\\windows\\syswow64\\cfgmgr32.dll") Region: id = 416 start_va = 0x764b0000 end_va = 0x769a8fff monitored = 0 entry_point = 0x766b7610 region_type = mapped_file name = "windows.storage.dll" filename = "\\Windows\\SysWOW64\\windows.storage.dll" (normalized: "c:\\windows\\syswow64\\windows.storage.dll") Region: id = 417 start_va = 0x76da0000 end_va = 0x76f5cfff monitored = 0 entry_point = 0x76e82a10 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\SysWOW64\\combase.dll" (normalized: "c:\\windows\\syswow64\\combase.dll") Region: id = 418 start_va = 0x75f60000 end_va = 0x7600cfff monitored = 0 entry_point = 0x75f74f00 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 419 start_va = 0x73f90000 end_va = 0x73fadfff monitored = 0 entry_point = 0x73f9b640 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 420 start_va = 0x20000 end_va = 0x23fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 421 start_va = 0x73f80000 end_va = 0x73f89fff monitored = 0 entry_point = 0x73f82a00 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 422 start_va = 0x75ef0000 end_va = 0x75f47fff monitored = 0 entry_point = 0x75f325c0 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\SysWOW64\\bcryptprimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll") Region: id = 423 start_va = 0x74a40000 end_va = 0x74a83fff monitored = 0 entry_point = 0x74a59d80 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 424 start_va = 0x76a90000 end_va = 0x76b0afff monitored = 0 entry_point = 0x76aae970 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll") Region: id = 425 start_va = 0x76f60000 end_va = 0x76fa4fff monitored = 0 entry_point = 0x76f7de90 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\SysWOW64\\shlwapi.dll" (normalized: "c:\\windows\\syswow64\\shlwapi.dll") Region: id = 426 start_va = 0x76010000 end_va = 0x7615efff monitored = 0 entry_point = 0x760c6820 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 427 start_va = 0x76300000 end_va = 0x76446fff monitored = 0 entry_point = 0x76311cf0 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 428 start_va = 0x74350000 end_va = 0x7435bfff monitored = 0 entry_point = 0x74353930 region_type = mapped_file name = "kernel.appcore.dll" filename = "\\Windows\\SysWOW64\\kernel.appcore.dll" (normalized: "c:\\windows\\syswow64\\kernel.appcore.dll") Region: id = 429 start_va = 0x77180000 end_va = 0x7720cfff monitored = 0 entry_point = 0x771c9b90 region_type = mapped_file name = "shcore.dll" filename = "\\Windows\\SysWOW64\\SHCore.dll" (normalized: "c:\\windows\\syswow64\\shcore.dll") Region: id = 430 start_va = 0x77210000 end_va = 0x77253fff monitored = 0 entry_point = 0x77217410 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\SysWOW64\\powrprof.dll" (normalized: "c:\\windows\\syswow64\\powrprof.dll") Region: id = 431 start_va = 0x75f50000 end_va = 0x75f5efff monitored = 0 entry_point = 0x75f52e40 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\SysWOW64\\profapi.dll" (normalized: "c:\\windows\\syswow64\\profapi.dll") Region: id = 432 start_va = 0x76b10000 end_va = 0x76bfafff monitored = 0 entry_point = 0x76b4d650 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\SysWOW64\\ole32.dll" (normalized: "c:\\windows\\syswow64\\ole32.dll") Region: id = 433 start_va = 0x743f0000 end_va = 0x74481fff monitored = 0 entry_point = 0x74428cf0 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\SysWOW64\\oleaut32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll") Region: id = 434 start_va = 0x6c200000 end_va = 0x6c258fff monitored = 1 entry_point = 0x6c210780 region_type = mapped_file name = "mscoree.dll" filename = "\\Windows\\SysWOW64\\mscoree.dll" (normalized: "c:\\windows\\syswow64\\mscoree.dll") Region: id = 435 start_va = 0x810000 end_va = 0x8affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000810000" filename = "" Region: id = 436 start_va = 0x1d0000 end_va = 0x1f9fff monitored = 0 entry_point = 0x1d5680 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 437 start_va = 0x8b0000 end_va = 0xa37fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000008b0000" filename = "" Region: id = 438 start_va = 0x77150000 end_va = 0x7717afff monitored = 0 entry_point = 0x77155680 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 439 start_va = 0x30000 end_va = 0x30fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 440 start_va = 0x1d0000 end_va = 0x1d0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001d0000" filename = "" Region: id = 441 start_va = 0xa40000 end_va = 0xbc0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000a40000" filename = "" Region: id = 442 start_va = 0xbd0000 end_va = 0x1fcffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000bd0000" filename = "" Region: id = 443 start_va = 0x490000 end_va = 0x4bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000490000" filename = "" Region: id = 444 start_va = 0x6c560000 end_va = 0x6c5d8fff monitored = 1 entry_point = 0x6c56f82a region_type = mapped_file name = "mscoreei.dll" filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscoreei.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\mscoreei.dll") Region: id = 445 start_va = 0x6bb40000 end_va = 0x6c1f0fff monitored = 1 entry_point = 0x6bb55d20 region_type = mapped_file name = "clr.dll" filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clr.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clr.dll") Region: id = 446 start_va = 0x6c460000 end_va = 0x6c554fff monitored = 0 entry_point = 0x6c4b4160 region_type = mapped_file name = "msvcr120_clr0400.dll" filename = "\\Windows\\SysWOW64\\msvcr120_clr0400.dll" (normalized: "c:\\windows\\syswow64\\msvcr120_clr0400.dll") Region: id = 447 start_va = 0x1e0000 end_va = 0x1e0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001e0000" filename = "" Region: id = 448 start_va = 0x1f0000 end_va = 0x1fffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001f0000" filename = "" Region: id = 449 start_va = 0x490000 end_va = 0x49ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000490000" filename = "" Region: id = 450 start_va = 0x4b0000 end_va = 0x4bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 451 start_va = 0x4a0000 end_va = 0x4affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004a0000" filename = "" Region: id = 452 start_va = 0x4c0000 end_va = 0x4cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004c0000" filename = "" Region: id = 453 start_va = 0x4d0000 end_va = 0x4dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004d0000" filename = "" Region: id = 454 start_va = 0x4e0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 455 start_va = 0x500000 end_va = 0x500fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000500000" filename = "" Region: id = 456 start_va = 0x550000 end_va = 0x64ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000550000" filename = "" Region: id = 457 start_va = 0x510000 end_va = 0x510fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000510000" filename = "" Region: id = 458 start_va = 0x1fd0000 end_va = 0x21cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001fd0000" filename = "" Region: id = 459 start_va = 0x1fd0000 end_va = 0x209ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001fd0000" filename = "" Region: id = 460 start_va = 0x21c0000 end_va = 0x21cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000021c0000" filename = "" Region: id = 461 start_va = 0x810000 end_va = 0x84ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000810000" filename = "" Region: id = 462 start_va = 0x8a0000 end_va = 0x8affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000008a0000" filename = "" Region: id = 463 start_va = 0x20a0000 end_va = 0x219ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000020a0000" filename = "" Region: id = 464 start_va = 0x520000 end_va = 0x52ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000520000" filename = "" Region: id = 465 start_va = 0x21d0000 end_va = 0x41cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000021d0000" filename = "" Region: id = 466 start_va = 0x1fd0000 end_va = 0x206ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001fd0000" filename = "" Region: id = 467 start_va = 0x2090000 end_va = 0x209ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002090000" filename = "" Region: id = 468 start_va = 0x850000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000850000" filename = "" Region: id = 469 start_va = 0x41d0000 end_va = 0x42cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000041d0000" filename = "" Region: id = 470 start_va = 0x42d0000 end_va = 0x4606fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 471 start_va = 0x6a910000 end_va = 0x6bb37fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "mscorlib.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\mscorlib\\8062d427acd64e37f4fded7b00f4a869\\mscorlib.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\mscorlib\\8062d427acd64e37f4fded7b00f4a869\\mscorlib.ni.dll") Region: id = 472 start_va = 0x4610000 end_va = 0x479ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004610000" filename = "" Region: id = 473 start_va = 0x520000 end_va = 0x52ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000520000" filename = "" Region: id = 474 start_va = 0x530000 end_va = 0x53ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000530000" filename = "" Region: id = 475 start_va = 0x4610000 end_va = 0x4644fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000004610000" filename = "" Region: id = 476 start_va = 0x4790000 end_va = 0x479ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004790000" filename = "" Region: id = 477 start_va = 0x4650000 end_va = 0x4673fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004650000" filename = "" Region: id = 478 start_va = 0x6c2f0000 end_va = 0x6c36dfff monitored = 1 entry_point = 0x6c2f1140 region_type = mapped_file name = "clrjit.dll" filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clrjit.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clrjit.dll") Region: id = 479 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 480 start_va = 0x69f60000 end_va = 0x6a90bfff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System\\cc4e5d110dd318e8b7d61a9ed184ab74\\System.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system\\cc4e5d110dd318e8b7d61a9ed184ab74\\system.ni.dll") Region: id = 481 start_va = 0x69dd0000 end_va = 0x69f5cfff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.drawing.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Drawing\\9b645a48c9bcfc95aaadf6a069bb4ebe\\System.Drawing.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.drawing\\9b645a48c9bcfc95aaadf6a069bb4ebe\\system.drawing.ni.dll") Region: id = 482 start_va = 0x69170000 end_va = 0x69dc8fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.windows.forms.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Windows.Forms\\8cd2187094ba6cade0ca0fab4f932654\\System.Windows.Forms.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.windows.forms\\8cd2187094ba6cade0ca0fab4f932654\\system.windows.forms.ni.dll") Region: id = 483 start_va = 0x5e430000 end_va = 0x5e4cbfff monitored = 1 entry_point = 0x5e4be9b2 region_type = mapped_file name = "microsoft.visualbasic.dll" filename = "\\Windows\\Microsoft.NET\\assembly\\GAC_MSIL\\Microsoft.VisualBasic\\v4.0_10.0.0.0__b03f5f7f11d50a3a\\Microsoft.VisualBasic.dll" (normalized: "c:\\windows\\microsoft.net\\assembly\\gac_msil\\microsoft.visualbasic\\v4.0_10.0.0.0__b03f5f7f11d50a3a\\microsoft.visualbasic.dll") Region: id = 484 start_va = 0x4680000 end_va = 0x471bfff monitored = 1 entry_point = 0x470e9b2 region_type = mapped_file name = "microsoft.visualbasic.dll" filename = "\\Windows\\Microsoft.NET\\assembly\\GAC_MSIL\\Microsoft.VisualBasic\\v4.0_10.0.0.0__b03f5f7f11d50a3a\\Microsoft.VisualBasic.dll" (normalized: "c:\\windows\\microsoft.net\\assembly\\gac_msil\\microsoft.visualbasic\\v4.0_10.0.0.0__b03f5f7f11d50a3a\\microsoft.visualbasic.dll") Region: id = 485 start_va = 0x890000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000890000" filename = "" Region: id = 486 start_va = 0x6c2e0000 end_va = 0x6c2e7fff monitored = 0 entry_point = 0x6c2e17b0 region_type = mapped_file name = "version.dll" filename = "\\Windows\\SysWOW64\\version.dll" (normalized: "c:\\windows\\syswow64\\version.dll") Region: id = 487 start_va = 0x47a0000 end_va = 0x489ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000047a0000" filename = "" Region: id = 488 start_va = 0x2070000 end_va = 0x2070fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002070000" filename = "" Region: id = 489 start_va = 0x2080000 end_va = 0x2080fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\SysWOW64\\tzres.dll" (normalized: "c:\\windows\\syswow64\\tzres.dll") Region: id = 490 start_va = 0x2080000 end_va = 0x2088fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\tzres.dll.mui") Region: id = 491 start_va = 0x2080000 end_va = 0x2080fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\SysWOW64\\tzres.dll" (normalized: "c:\\windows\\syswow64\\tzres.dll") Region: id = 492 start_va = 0x2080000 end_va = 0x2088fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\tzres.dll.mui") Region: id = 493 start_va = 0x2080000 end_va = 0x2080fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\SysWOW64\\tzres.dll" (normalized: "c:\\windows\\syswow64\\tzres.dll") Region: id = 494 start_va = 0x2080000 end_va = 0x2088fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\tzres.dll.mui") Region: id = 495 start_va = 0x2080000 end_va = 0x208ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002080000" filename = "" Region: id = 496 start_va = 0x2080000 end_va = 0x208ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002080000" filename = "" Region: id = 497 start_va = 0x2080000 end_va = 0x208ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002080000" filename = "" Region: id = 498 start_va = 0x2080000 end_va = 0x208ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002080000" filename = "" Region: id = 499 start_va = 0x2080000 end_va = 0x208ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002080000" filename = "" Region: id = 500 start_va = 0x2080000 end_va = 0x208ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002080000" filename = "" Region: id = 501 start_va = 0x2080000 end_va = 0x208ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002080000" filename = "" Region: id = 502 start_va = 0x21a0000 end_va = 0x21affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000021a0000" filename = "" Region: id = 503 start_va = 0x21a0000 end_va = 0x21affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000021a0000" filename = "" Region: id = 504 start_va = 0x21a0000 end_va = 0x21affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000021a0000" filename = "" Region: id = 505 start_va = 0x21a0000 end_va = 0x21affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000021a0000" filename = "" Region: id = 506 start_va = 0x21a0000 end_va = 0x21affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000021a0000" filename = "" Region: id = 507 start_va = 0x21a0000 end_va = 0x21affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000021a0000" filename = "" Region: id = 508 start_va = 0x21a0000 end_va = 0x21affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000021a0000" filename = "" Region: id = 509 start_va = 0x68a50000 end_va = 0x69161fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.core.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Core\\abad45b9cc652ba7e38c4c837234c0ab\\System.Core.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.core\\abad45b9cc652ba7e38c4c837234c0ab\\system.core.ni.dll") Region: id = 510 start_va = 0x21a0000 end_va = 0x21affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000021a0000" filename = "" Region: id = 511 start_va = 0x21b0000 end_va = 0x21bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000021b0000" filename = "" Region: id = 512 start_va = 0x4720000 end_va = 0x472ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004720000" filename = "" Region: id = 513 start_va = 0x2080000 end_va = 0x208ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002080000" filename = "" Region: id = 514 start_va = 0x2080000 end_va = 0x208ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002080000" filename = "" Region: id = 515 start_va = 0x2080000 end_va = 0x208ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002080000" filename = "" Region: id = 516 start_va = 0x2080000 end_va = 0x208ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002080000" filename = "" Region: id = 517 start_va = 0x2080000 end_va = 0x208ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002080000" filename = "" Region: id = 518 start_va = 0x2080000 end_va = 0x208ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002080000" filename = "" Region: id = 519 start_va = 0x2080000 end_va = 0x208ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002080000" filename = "" Region: id = 520 start_va = 0x2080000 end_va = 0x208ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002080000" filename = "" Region: id = 521 start_va = 0x2080000 end_va = 0x208ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002080000" filename = "" Region: id = 522 start_va = 0x2080000 end_va = 0x208ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002080000" filename = "" Region: id = 523 start_va = 0x2080000 end_va = 0x208ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002080000" filename = "" Region: id = 524 start_va = 0x2080000 end_va = 0x208ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002080000" filename = "" Region: id = 525 start_va = 0x21a0000 end_va = 0x21affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000021a0000" filename = "" Region: id = 526 start_va = 0x21a0000 end_va = 0x21affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000021a0000" filename = "" Region: id = 527 start_va = 0x21a0000 end_va = 0x21affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000021a0000" filename = "" Region: id = 528 start_va = 0x21a0000 end_va = 0x21b0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000021a0000" filename = "" Region: id = 529 start_va = 0x68960000 end_va = 0x68a4efff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.configuration.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Configuration\\1b51e779650e38bb712f3e535efcf132\\System.Configuration.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.configuration\\1b51e779650e38bb712f3e535efcf132\\system.configuration.ni.dll") Region: id = 530 start_va = 0x68240000 end_va = 0x68955fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.xml.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Xml\\1f87b5140145c221b5201351fffc52d8\\System.Xml.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.xml\\1f87b5140145c221b5201351fffc52d8\\system.xml.ni.dll") Region: id = 531 start_va = 0x6c3a0000 end_va = 0x6c444fff monitored = 0 entry_point = 0x6c3bac50 region_type = mapped_file name = "rasapi32.dll" filename = "\\Windows\\SysWOW64\\rasapi32.dll" (normalized: "c:\\windows\\syswow64\\rasapi32.dll") Region: id = 532 start_va = 0x6c370000 end_va = 0x6c392fff monitored = 0 entry_point = 0x6c375570 region_type = mapped_file name = "rasman.dll" filename = "\\Windows\\SysWOW64\\rasman.dll" (normalized: "c:\\windows\\syswow64\\rasman.dll") Region: id = 533 start_va = 0x6c2d0000 end_va = 0x6c2dffff monitored = 0 entry_point = 0x6c2d3820 region_type = mapped_file name = "rtutils.dll" filename = "\\Windows\\SysWOW64\\rtutils.dll" (normalized: "c:\\windows\\syswow64\\rtutils.dll") Region: id = 534 start_va = 0x75e90000 end_va = 0x75eeefff monitored = 0 entry_point = 0x75e94af0 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\SysWOW64\\ws2_32.dll" (normalized: "c:\\windows\\syswow64\\ws2_32.dll") Region: id = 535 start_va = 0x71a70000 end_va = 0x71abefff monitored = 0 entry_point = 0x71a7d850 region_type = mapped_file name = "mswsock.dll" filename = "\\Windows\\SysWOW64\\mswsock.dll" (normalized: "c:\\windows\\syswow64\\mswsock.dll") Region: id = 536 start_va = 0x2080000 end_va = 0x2081fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002080000" filename = "" Region: id = 537 start_va = 0x4720000 end_va = 0x4720fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000004720000" filename = "" Region: id = 538 start_va = 0x48a0000 end_va = 0x497ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "kernelbase.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\KernelBase.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\kernelbase.dll.mui") Region: id = 539 start_va = 0x4730000 end_va = 0x476ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004730000" filename = "" Region: id = 540 start_va = 0x4980000 end_va = 0x4a7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004980000" filename = "" Region: id = 541 start_va = 0x700d0000 end_va = 0x7016afff monitored = 0 entry_point = 0x7010f7e0 region_type = mapped_file name = "winhttp.dll" filename = "\\Windows\\SysWOW64\\winhttp.dll" (normalized: "c:\\windows\\syswow64\\winhttp.dll") Region: id = 542 start_va = 0x4a80000 end_va = 0x4abffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004a80000" filename = "" Region: id = 543 start_va = 0x4ac0000 end_va = 0x4bbffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004ac0000" filename = "" Region: id = 544 start_va = 0x70170000 end_va = 0x70181fff monitored = 0 entry_point = 0x70174510 region_type = mapped_file name = "ondemandconnroutehelper.dll" filename = "\\Windows\\SysWOW64\\OnDemandConnRouteHelper.dll" (normalized: "c:\\windows\\syswow64\\ondemandconnroutehelper.dll") Region: id = 545 start_va = 0x71970000 end_va = 0x7199efff monitored = 0 entry_point = 0x7197bb70 region_type = mapped_file name = "iphlpapi.dll" filename = "\\Windows\\SysWOW64\\IPHLPAPI.DLL" (normalized: "c:\\windows\\syswow64\\iphlpapi.dll") Region: id = 546 start_va = 0x74610000 end_va = 0x74616fff monitored = 0 entry_point = 0x74611e10 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\SysWOW64\\nsi.dll" (normalized: "c:\\windows\\syswow64\\nsi.dll") Region: id = 547 start_va = 0x718f0000 end_va = 0x71902fff monitored = 0 entry_point = 0x718f25d0 region_type = mapped_file name = "dhcpcsvc6.dll" filename = "\\Windows\\SysWOW64\\dhcpcsvc6.dll" (normalized: "c:\\windows\\syswow64\\dhcpcsvc6.dll") Region: id = 548 start_va = 0x718d0000 end_va = 0x718e3fff monitored = 0 entry_point = 0x718d3c10 region_type = mapped_file name = "dhcpcsvc.dll" filename = "\\Windows\\SysWOW64\\dhcpcsvc.dll" (normalized: "c:\\windows\\syswow64\\dhcpcsvc.dll") Region: id = 549 start_va = 0x4bc0000 end_va = 0x4bfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004bc0000" filename = "" Region: id = 550 start_va = 0x4c00000 end_va = 0x4cfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004c00000" filename = "" Region: id = 551 start_va = 0x719a0000 end_va = 0x71a23fff monitored = 0 entry_point = 0x719c6530 region_type = mapped_file name = "dnsapi.dll" filename = "\\Windows\\SysWOW64\\dnsapi.dll" (normalized: "c:\\windows\\syswow64\\dnsapi.dll") Region: id = 552 start_va = 0x700c0000 end_va = 0x700c7fff monitored = 0 entry_point = 0x700c1fc0 region_type = mapped_file name = "winnsi.dll" filename = "\\Windows\\SysWOW64\\winnsi.dll" (normalized: "c:\\windows\\syswow64\\winnsi.dll") Region: id = 553 start_va = 0x71960000 end_va = 0x71967fff monitored = 0 entry_point = 0x71961920 region_type = mapped_file name = "rasadhlp.dll" filename = "\\Windows\\SysWOW64\\rasadhlp.dll" (normalized: "c:\\windows\\syswow64\\rasadhlp.dll") Region: id = 554 start_va = 0x71910000 end_va = 0x71956fff monitored = 0 entry_point = 0x719258d0 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\SysWOW64\\FWPUCLNT.DLL" (normalized: "c:\\windows\\syswow64\\fwpuclnt.dll") Region: id = 555 start_va = 0x73c30000 end_va = 0x73c4afff monitored = 0 entry_point = 0x73c39050 region_type = mapped_file name = "bcrypt.dll" filename = "\\Windows\\SysWOW64\\bcrypt.dll" (normalized: "c:\\windows\\syswow64\\bcrypt.dll") Region: id = 556 start_va = 0x4770000 end_va = 0x477ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004770000" filename = "" Region: id = 557 start_va = 0x4770000 end_va = 0x477ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004770000" filename = "" Region: id = 558 start_va = 0x4770000 end_va = 0x477ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004770000" filename = "" Region: id = 559 start_va = 0x4770000 end_va = 0x477ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004770000" filename = "" Region: id = 560 start_va = 0x4770000 end_va = 0x477ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004770000" filename = "" Region: id = 561 start_va = 0x4780000 end_va = 0x478ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004780000" filename = "" Region: id = 562 start_va = 0x4780000 end_va = 0x478ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004780000" filename = "" Region: id = 563 start_va = 0x4780000 end_va = 0x478ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004780000" filename = "" Region: id = 564 start_va = 0x4780000 end_va = 0x478ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004780000" filename = "" Region: id = 565 start_va = 0x4780000 end_va = 0x478ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004780000" filename = "" Region: id = 566 start_va = 0x4780000 end_va = 0x478ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004780000" filename = "" Region: id = 567 start_va = 0x4780000 end_va = 0x478ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004780000" filename = "" Region: id = 568 start_va = 0x4780000 end_va = 0x478ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004780000" filename = "" Region: id = 569 start_va = 0x4780000 end_va = 0x478ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004780000" filename = "" Region: id = 570 start_va = 0x4780000 end_va = 0x478ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004780000" filename = "" Region: id = 571 start_va = 0x4780000 end_va = 0x478ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004780000" filename = "" Region: id = 572 start_va = 0x4780000 end_va = 0x478ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004780000" filename = "" Region: id = 573 start_va = 0x4780000 end_va = 0x478ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004780000" filename = "" Region: id = 574 start_va = 0x4780000 end_va = 0x478ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004780000" filename = "" Region: id = 575 start_va = 0x4780000 end_va = 0x478ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004780000" filename = "" Region: id = 576 start_va = 0x6fe40000 end_va = 0x6fe52fff monitored = 0 entry_point = 0x6fe49950 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\SysWOW64\\cryptsp.dll" (normalized: "c:\\windows\\syswow64\\cryptsp.dll") Region: id = 577 start_va = 0x6fe10000 end_va = 0x6fe3efff monitored = 0 entry_point = 0x6fe295e0 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll") Region: id = 578 start_va = 0x4780000 end_va = 0x478ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004780000" filename = "" Region: id = 579 start_va = 0x4780000 end_va = 0x478ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004780000" filename = "" Region: id = 580 start_va = 0x4780000 end_va = 0x478ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004780000" filename = "" Region: id = 581 start_va = 0x4780000 end_va = 0x478ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004780000" filename = "" Region: id = 582 start_va = 0x4780000 end_va = 0x478ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004780000" filename = "" Region: id = 583 start_va = 0x4780000 end_va = 0x478ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004780000" filename = "" Region: id = 584 start_va = 0x4780000 end_va = 0x478ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004780000" filename = "" Region: id = 585 start_va = 0x4d00000 end_va = 0x4d0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d00000" filename = "" Region: id = 586 start_va = 0x4d00000 end_va = 0x4d0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d00000" filename = "" Region: id = 587 start_va = 0x4780000 end_va = 0x478ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004780000" filename = "" Region: id = 588 start_va = 0x4780000 end_va = 0x478ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004780000" filename = "" Region: id = 589 start_va = 0x4780000 end_va = 0x478ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004780000" filename = "" Region: id = 590 start_va = 0x4780000 end_va = 0x478ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004780000" filename = "" Region: id = 591 start_va = 0x4780000 end_va = 0x478ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004780000" filename = "" Region: id = 592 start_va = 0x4780000 end_va = 0x478ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004780000" filename = "" Region: id = 593 start_va = 0x4780000 end_va = 0x478ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004780000" filename = "" Region: id = 594 start_va = 0x4780000 end_va = 0x478ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004780000" filename = "" Region: id = 595 start_va = 0x4780000 end_va = 0x478ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004780000" filename = "" Region: id = 596 start_va = 0x4780000 end_va = 0x478ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004780000" filename = "" Region: id = 597 start_va = 0x4780000 end_va = 0x478ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004780000" filename = "" Region: id = 598 start_va = 0x4780000 end_va = 0x478ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004780000" filename = "" Region: id = 599 start_va = 0x4780000 end_va = 0x478ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004780000" filename = "" Region: id = 600 start_va = 0x4780000 end_va = 0x478ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004780000" filename = "" Region: id = 601 start_va = 0x4780000 end_va = 0x478ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004780000" filename = "" Region: id = 602 start_va = 0x4780000 end_va = 0x478ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004780000" filename = "" Region: id = 603 start_va = 0x4780000 end_va = 0x478ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004780000" filename = "" Region: id = 604 start_va = 0x4d00000 end_va = 0x4d0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d00000" filename = "" Region: id = 605 start_va = 0x4d00000 end_va = 0x4d0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d00000" filename = "" Region: id = 606 start_va = 0x4780000 end_va = 0x478ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004780000" filename = "" Region: id = 607 start_va = 0x4780000 end_va = 0x478ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004780000" filename = "" Region: id = 608 start_va = 0x4780000 end_va = 0x478ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004780000" filename = "" Region: id = 609 start_va = 0x4780000 end_va = 0x478ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004780000" filename = "" Region: id = 610 start_va = 0x4780000 end_va = 0x478ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004780000" filename = "" Region: id = 611 start_va = 0x4780000 end_va = 0x478ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004780000" filename = "" Region: id = 612 start_va = 0x4780000 end_va = 0x478ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004780000" filename = "" Region: id = 613 start_va = 0x4780000 end_va = 0x478ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004780000" filename = "" Region: id = 614 start_va = 0x4780000 end_va = 0x478ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004780000" filename = "" Region: id = 615 start_va = 0x4780000 end_va = 0x478ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004780000" filename = "" Region: id = 616 start_va = 0x4780000 end_va = 0x478ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004780000" filename = "" Region: id = 617 start_va = 0x4780000 end_va = 0x478ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004780000" filename = "" Region: id = 618 start_va = 0x4780000 end_va = 0x478ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004780000" filename = "" Region: id = 619 start_va = 0x4780000 end_va = 0x478ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004780000" filename = "" Region: id = 620 start_va = 0x4780000 end_va = 0x478ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004780000" filename = "" Region: id = 621 start_va = 0x4780000 end_va = 0x478ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004780000" filename = "" Region: id = 622 start_va = 0x4d00000 end_va = 0x4d0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d00000" filename = "" Region: id = 623 start_va = 0x4780000 end_va = 0x478ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004780000" filename = "" Region: id = 624 start_va = 0x4780000 end_va = 0x478ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004780000" filename = "" Region: id = 625 start_va = 0x4780000 end_va = 0x478ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004780000" filename = "" Region: id = 626 start_va = 0x4780000 end_va = 0x478ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004780000" filename = "" Region: id = 627 start_va = 0x4780000 end_va = 0x478ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004780000" filename = "" Region: id = 628 start_va = 0x4780000 end_va = 0x478ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004780000" filename = "" Region: id = 629 start_va = 0x4780000 end_va = 0x478ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004780000" filename = "" Region: id = 630 start_va = 0x4780000 end_va = 0x478ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004780000" filename = "" Region: id = 631 start_va = 0x4780000 end_va = 0x478ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004780000" filename = "" Region: id = 632 start_va = 0x4780000 end_va = 0x478ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004780000" filename = "" Region: id = 633 start_va = 0x4780000 end_va = 0x478ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004780000" filename = "" Region: id = 634 start_va = 0x4d00000 end_va = 0x4d0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d00000" filename = "" Region: id = 635 start_va = 0x4780000 end_va = 0x478ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004780000" filename = "" Region: id = 636 start_va = 0x4780000 end_va = 0x478ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004780000" filename = "" Region: id = 637 start_va = 0x4780000 end_va = 0x478ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004780000" filename = "" Region: id = 638 start_va = 0x4780000 end_va = 0x478ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004780000" filename = "" Region: id = 639 start_va = 0x4780000 end_va = 0x478ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004780000" filename = "" Region: id = 640 start_va = 0x4780000 end_va = 0x478ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004780000" filename = "" Region: id = 641 start_va = 0x4780000 end_va = 0x478ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004780000" filename = "" Region: id = 642 start_va = 0x4780000 end_va = 0x478ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004780000" filename = "" Region: id = 643 start_va = 0x4780000 end_va = 0x478ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004780000" filename = "" Region: id = 644 start_va = 0x4780000 end_va = 0x478ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004780000" filename = "" Region: id = 645 start_va = 0x4780000 end_va = 0x478ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004780000" filename = "" Region: id = 646 start_va = 0x4780000 end_va = 0x478ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004780000" filename = "" Region: id = 647 start_va = 0x4780000 end_va = 0x478ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004780000" filename = "" Region: id = 648 start_va = 0x4780000 end_va = 0x478ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004780000" filename = "" Region: id = 649 start_va = 0x4780000 end_va = 0x478ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004780000" filename = "" Region: id = 650 start_va = 0x4780000 end_va = 0x478ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004780000" filename = "" Region: id = 651 start_va = 0x4780000 end_va = 0x478ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004780000" filename = "" Region: id = 652 start_va = 0x4780000 end_va = 0x478ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004780000" filename = "" Region: id = 653 start_va = 0x4780000 end_va = 0x478ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004780000" filename = "" Region: id = 654 start_va = 0x4780000 end_va = 0x478ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004780000" filename = "" Region: id = 655 start_va = 0x4780000 end_va = 0x478ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004780000" filename = "" Region: id = 656 start_va = 0x4780000 end_va = 0x478ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004780000" filename = "" Region: id = 657 start_va = 0x4780000 end_va = 0x478ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004780000" filename = "" Region: id = 658 start_va = 0x4780000 end_va = 0x478ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004780000" filename = "" Region: id = 659 start_va = 0x4d00000 end_va = 0x4d0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d00000" filename = "" Region: id = 660 start_va = 0x4780000 end_va = 0x478ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004780000" filename = "" Region: id = 661 start_va = 0x4780000 end_va = 0x478ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004780000" filename = "" Region: id = 662 start_va = 0x4780000 end_va = 0x478ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004780000" filename = "" Region: id = 663 start_va = 0x4780000 end_va = 0x478ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004780000" filename = "" Region: id = 664 start_va = 0x4780000 end_va = 0x478ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004780000" filename = "" Region: id = 665 start_va = 0x4780000 end_va = 0x478ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004780000" filename = "" Region: id = 666 start_va = 0x4780000 end_va = 0x478ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004780000" filename = "" Region: id = 667 start_va = 0x4d00000 end_va = 0x4d0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d00000" filename = "" Region: id = 668 start_va = 0x4d00000 end_va = 0x4d0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d00000" filename = "" Region: id = 669 start_va = 0x4d00000 end_va = 0x4d0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d00000" filename = "" Region: id = 670 start_va = 0x4d00000 end_va = 0x4d0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d00000" filename = "" Region: id = 671 start_va = 0x4d00000 end_va = 0x4d0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d00000" filename = "" Region: id = 672 start_va = 0x4d00000 end_va = 0x4d0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d00000" filename = "" Region: id = 673 start_va = 0x6c650000 end_va = 0x6c659fff monitored = 0 entry_point = 0x6c653200 region_type = mapped_file name = "secur32.dll" filename = "\\Windows\\SysWOW64\\secur32.dll" (normalized: "c:\\windows\\syswow64\\secur32.dll") Region: id = 674 start_va = 0x6fef0000 end_va = 0x6ff53fff monitored = 0 entry_point = 0x6ff0afd0 region_type = mapped_file name = "schannel.dll" filename = "\\Windows\\SysWOW64\\schannel.dll" (normalized: "c:\\windows\\syswow64\\schannel.dll") Region: id = 675 start_va = 0x76160000 end_va = 0x762d7fff monitored = 0 entry_point = 0x761b8a90 region_type = mapped_file name = "crypt32.dll" filename = "\\Windows\\SysWOW64\\crypt32.dll" (normalized: "c:\\windows\\syswow64\\crypt32.dll") Region: id = 676 start_va = 0x76c10000 end_va = 0x76c1dfff monitored = 0 entry_point = 0x76c15410 region_type = mapped_file name = "msasn1.dll" filename = "\\Windows\\SysWOW64\\msasn1.dll" (normalized: "c:\\windows\\syswow64\\msasn1.dll") Region: id = 677 start_va = 0x6fee0000 end_va = 0x6feeffff monitored = 0 entry_point = 0x6fee4600 region_type = mapped_file name = "mskeyprotect.dll" filename = "\\Windows\\SysWOW64\\mskeyprotect.dll" (normalized: "c:\\windows\\syswow64\\mskeyprotect.dll") Region: id = 678 start_va = 0x6fec0000 end_va = 0x6fedffff monitored = 0 entry_point = 0x6fecd120 region_type = mapped_file name = "ncrypt.dll" filename = "\\Windows\\SysWOW64\\ncrypt.dll" (normalized: "c:\\windows\\syswow64\\ncrypt.dll") Region: id = 679 start_va = 0x6fe90000 end_va = 0x6febbfff monitored = 0 entry_point = 0x6feabb10 region_type = mapped_file name = "ntasn1.dll" filename = "\\Windows\\SysWOW64\\ntasn1.dll" (normalized: "c:\\windows\\syswow64\\ntasn1.dll") Region: id = 680 start_va = 0x6fe70000 end_va = 0x6fe89fff monitored = 0 entry_point = 0x6fe7fa70 region_type = mapped_file name = "ncryptsslp.dll" filename = "\\Windows\\SysWOW64\\ncryptsslp.dll" (normalized: "c:\\windows\\syswow64\\ncryptsslp.dll") Region: id = 681 start_va = 0x4d00000 end_va = 0x4d3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d00000" filename = "" Region: id = 682 start_va = 0x4d40000 end_va = 0x4e3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d40000" filename = "" Region: id = 683 start_va = 0x4e40000 end_va = 0x4e43fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e40000" filename = "" Region: id = 684 start_va = 0x4e50000 end_va = 0x4e5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e50000" filename = "" Region: id = 685 start_va = 0x4e50000 end_va = 0x4e5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e50000" filename = "" Region: id = 686 start_va = 0x4e50000 end_va = 0x4e5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e50000" filename = "" Region: id = 687 start_va = 0x4e50000 end_va = 0x4e5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e50000" filename = "" Region: id = 688 start_va = 0x4e50000 end_va = 0x4e5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e50000" filename = "" Region: id = 689 start_va = 0x4e50000 end_va = 0x4e5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e50000" filename = "" Region: id = 690 start_va = 0x4e50000 end_va = 0x4e5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e50000" filename = "" Region: id = 691 start_va = 0x4e60000 end_va = 0x4e6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e60000" filename = "" Region: id = 692 start_va = 0x68180000 end_va = 0x68235fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.security.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Security\\4e4cb6e2e651b6d243241e4edd14b3f3\\System.Security.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.security\\4e4cb6e2e651b6d243241e4edd14b3f3\\system.security.ni.dll") Region: id = 693 start_va = 0x6fe60000 end_va = 0x6fe67fff monitored = 0 entry_point = 0x6fe61d70 region_type = mapped_file name = "dpapi.dll" filename = "\\Windows\\SysWOW64\\dpapi.dll" (normalized: "c:\\windows\\syswow64\\dpapi.dll") Region: id = 694 start_va = 0x4e50000 end_va = 0x4e5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e50000" filename = "" Region: id = 695 start_va = 0x4e50000 end_va = 0x4e5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e50000" filename = "" Region: id = 696 start_va = 0x4e50000 end_va = 0x4e5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e50000" filename = "" Region: id = 697 start_va = 0x4e50000 end_va = 0x4e5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e50000" filename = "" Region: id = 698 start_va = 0x4e50000 end_va = 0x4e5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e50000" filename = "" Region: id = 699 start_va = 0x4e50000 end_va = 0x4e5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e50000" filename = "" Region: id = 700 start_va = 0x4e50000 end_va = 0x4e5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e50000" filename = "" Region: id = 701 start_va = 0x4e60000 end_va = 0x4e6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e60000" filename = "" Region: id = 702 start_va = 0x4e50000 end_va = 0x4e5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e50000" filename = "" Region: id = 703 start_va = 0x4e50000 end_va = 0x4e5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e50000" filename = "" Region: id = 704 start_va = 0x4e50000 end_va = 0x4e5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e50000" filename = "" Region: id = 705 start_va = 0x4e50000 end_va = 0x4e5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e50000" filename = "" Region: id = 706 start_va = 0x4e50000 end_va = 0x4e5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e50000" filename = "" Region: id = 707 start_va = 0x4e50000 end_va = 0x4e5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e50000" filename = "" Region: id = 708 start_va = 0x4e50000 end_va = 0x4e5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e50000" filename = "" Region: id = 709 start_va = 0x4e50000 end_va = 0x4e5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e50000" filename = "" Region: id = 710 start_va = 0x4e50000 end_va = 0x4e5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e50000" filename = "" Region: id = 711 start_va = 0x4e50000 end_va = 0x4e5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e50000" filename = "" Region: id = 712 start_va = 0x4e50000 end_va = 0x4e5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e50000" filename = "" Region: id = 713 start_va = 0x4e50000 end_va = 0x4e5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e50000" filename = "" Region: id = 714 start_va = 0x4e60000 end_va = 0x4e6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e60000" filename = "" Region: id = 715 start_va = 0x4e50000 end_va = 0x4e5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e50000" filename = "" Region: id = 716 start_va = 0x4e50000 end_va = 0x4e5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e50000" filename = "" Region: id = 717 start_va = 0x4e50000 end_va = 0x4e5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e50000" filename = "" Region: id = 718 start_va = 0x4e50000 end_va = 0x4e5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e50000" filename = "" Region: id = 719 start_va = 0x4e50000 end_va = 0x4e5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e50000" filename = "" Region: id = 720 start_va = 0x4e50000 end_va = 0x4e5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e50000" filename = "" Region: id = 721 start_va = 0x4e50000 end_va = 0x4e5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e50000" filename = "" Region: id = 722 start_va = 0x4e50000 end_va = 0x4e5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e50000" filename = "" Region: id = 723 start_va = 0x4e50000 end_va = 0x4e5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e50000" filename = "" Region: id = 724 start_va = 0x4e50000 end_va = 0x4e5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e50000" filename = "" Region: id = 725 start_va = 0x4e50000 end_va = 0x4e5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e50000" filename = "" Region: id = 726 start_va = 0x4e50000 end_va = 0x4e5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e50000" filename = "" Region: id = 727 start_va = 0x4e50000 end_va = 0x4e5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e50000" filename = "" Region: id = 728 start_va = 0x4e50000 end_va = 0x4e5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e50000" filename = "" Region: id = 729 start_va = 0x4e50000 end_va = 0x4e5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e50000" filename = "" Region: id = 730 start_va = 0x4e50000 end_va = 0x4e5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e50000" filename = "" Region: id = 731 start_va = 0x4e50000 end_va = 0x4e5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e50000" filename = "" Region: id = 732 start_va = 0x4e50000 end_va = 0x4e5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e50000" filename = "" Region: id = 733 start_va = 0x4e50000 end_va = 0x4e5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e50000" filename = "" Region: id = 734 start_va = 0x4e70000 end_va = 0x4e7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e70000" filename = "" Region: id = 735 start_va = 0x4e80000 end_va = 0x4e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e80000" filename = "" Region: id = 736 start_va = 0x4e50000 end_va = 0x4e5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e50000" filename = "" Region: id = 737 start_va = 0x4e50000 end_va = 0x4e5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e50000" filename = "" Region: id = 738 start_va = 0x4e50000 end_va = 0x4e5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e50000" filename = "" Region: id = 739 start_va = 0x4e50000 end_va = 0x4e5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e50000" filename = "" Region: id = 740 start_va = 0x4e50000 end_va = 0x4e5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e50000" filename = "" Region: id = 741 start_va = 0x4e50000 end_va = 0x4e5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e50000" filename = "" Region: id = 742 start_va = 0x4e50000 end_va = 0x4e5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e50000" filename = "" Region: id = 743 start_va = 0x4e70000 end_va = 0x4e7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e70000" filename = "" Region: id = 744 start_va = 0x4e50000 end_va = 0x4e5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e50000" filename = "" Region: id = 745 start_va = 0x4e70000 end_va = 0x4e7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e70000" filename = "" Region: id = 746 start_va = 0x4e50000 end_va = 0x4e5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e50000" filename = "" Region: id = 747 start_va = 0x4e50000 end_va = 0x4e5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e50000" filename = "" Region: id = 748 start_va = 0x4e50000 end_va = 0x4e5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e50000" filename = "" Region: id = 749 start_va = 0x4e50000 end_va = 0x4e5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e50000" filename = "" Region: id = 750 start_va = 0x4e50000 end_va = 0x4e5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e50000" filename = "" Region: id = 751 start_va = 0x4e50000 end_va = 0x4e5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e50000" filename = "" Region: id = 752 start_va = 0x4e50000 end_va = 0x4e5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e50000" filename = "" Region: id = 753 start_va = 0x4e50000 end_va = 0x4e5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e50000" filename = "" Region: id = 754 start_va = 0x4e50000 end_va = 0x4e5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e50000" filename = "" Region: id = 755 start_va = 0x4e50000 end_va = 0x4e5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e50000" filename = "" Region: id = 756 start_va = 0x4e50000 end_va = 0x4e5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e50000" filename = "" Region: id = 757 start_va = 0x4e50000 end_va = 0x4e5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e50000" filename = "" Region: id = 758 start_va = 0x4e50000 end_va = 0x4e5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e50000" filename = "" Region: id = 759 start_va = 0x4e50000 end_va = 0x4e5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e50000" filename = "" Region: id = 760 start_va = 0x4e50000 end_va = 0x4e5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e50000" filename = "" Region: id = 761 start_va = 0x642c0000 end_va = 0x64481fff monitored = 1 entry_point = 0x644791de region_type = mapped_file name = "system.web.extensions.dll" filename = "\\Windows\\Microsoft.NET\\assembly\\GAC_MSIL\\System.Web.Extensions\\v4.0_4.0.0.0__31bf3856ad364e35\\System.Web.Extensions.dll" (normalized: "c:\\windows\\microsoft.net\\assembly\\gac_msil\\system.web.extensions\\v4.0_4.0.0.0__31bf3856ad364e35\\system.web.extensions.dll") Region: id = 762 start_va = 0x4e50000 end_va = 0x4e5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e50000" filename = "" Region: id = 763 start_va = 0x4e70000 end_va = 0x5031fff monitored = 1 entry_point = 0x50291de region_type = mapped_file name = "system.web.extensions.dll" filename = "\\Windows\\Microsoft.NET\\assembly\\GAC_MSIL\\System.Web.Extensions\\v4.0_4.0.0.0__31bf3856ad364e35\\System.Web.Extensions.dll" (normalized: "c:\\windows\\microsoft.net\\assembly\\gac_msil\\system.web.extensions\\v4.0_4.0.0.0__31bf3856ad364e35\\system.web.extensions.dll") Region: id = 764 start_va = 0x5040000 end_va = 0x504ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005040000" filename = "" Region: id = 765 start_va = 0x5040000 end_va = 0x504ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005040000" filename = "" Region: id = 766 start_va = 0x5040000 end_va = 0x504ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005040000" filename = "" Region: id = 767 start_va = 0x5040000 end_va = 0x504ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005040000" filename = "" Region: id = 768 start_va = 0x5040000 end_va = 0x504ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005040000" filename = "" Region: id = 769 start_va = 0x5040000 end_va = 0x504ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005040000" filename = "" Region: id = 770 start_va = 0x5040000 end_va = 0x504ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005040000" filename = "" Region: id = 771 start_va = 0x5050000 end_va = 0x505ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005050000" filename = "" Region: id = 772 start_va = 0x5040000 end_va = 0x504ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005040000" filename = "" Region: id = 773 start_va = 0x5040000 end_va = 0x504ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005040000" filename = "" Region: id = 774 start_va = 0x5040000 end_va = 0x504ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005040000" filename = "" Region: id = 775 start_va = 0x5040000 end_va = 0x504ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005040000" filename = "" Region: id = 776 start_va = 0x5040000 end_va = 0x504ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005040000" filename = "" Region: id = 777 start_va = 0x5060000 end_va = 0x506ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005060000" filename = "" Region: id = 778 start_va = 0x5040000 end_va = 0x504ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005040000" filename = "" Region: id = 779 start_va = 0x5040000 end_va = 0x504ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005040000" filename = "" Region: id = 780 start_va = 0x5040000 end_va = 0x504ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005040000" filename = "" Region: id = 781 start_va = 0x5040000 end_va = 0x504ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005040000" filename = "" Region: id = 782 start_va = 0x5060000 end_va = 0x509ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005060000" filename = "" Region: id = 783 start_va = 0x50a0000 end_va = 0x50dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000050a0000" filename = "" Region: id = 784 start_va = 0x70040000 end_va = 0x700b4fff monitored = 0 entry_point = 0x70079a60 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\SysWOW64\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll") Region: id = 785 start_va = 0x50e0000 end_va = 0x517ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000050e0000" filename = "" Region: id = 786 start_va = 0x6f880000 end_va = 0x6f89cfff monitored = 0 entry_point = 0x6f883b10 region_type = mapped_file name = "dwmapi.dll" filename = "\\Windows\\SysWOW64\\dwmapi.dll" (normalized: "c:\\windows\\syswow64\\dwmapi.dll") Region: id = 787 start_va = 0x50e0000 end_va = 0x516efff monitored = 0 entry_point = 0x50edd60 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\WinSxS\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10586.0_none_811bc0006c44242b\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10586.0_none_811bc0006c44242b\\comctl32.dll") Region: id = 788 start_va = 0x5170000 end_va = 0x517ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005170000" filename = "" Region: id = 789 start_va = 0x680e0000 end_va = 0x68171fff monitored = 0 entry_point = 0x680edd60 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\WinSxS\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10586.0_none_811bc0006c44242b\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10586.0_none_811bc0006c44242b\\comctl32.dll") Region: id = 790 start_va = 0x5180000 end_va = 0x523ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005180000" filename = "" Region: id = 791 start_va = 0x5040000 end_va = 0x5040fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000005040000" filename = "" Region: id = 792 start_va = 0x5240000 end_va = 0x52fbfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000005240000" filename = "" Region: id = 793 start_va = 0x5040000 end_va = 0x5043fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000005040000" filename = "" Region: id = 794 start_va = 0x50e0000 end_va = 0x50e3fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000050e0000" filename = "" Region: id = 795 start_va = 0x50f0000 end_va = 0x512ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000050f0000" filename = "" Region: id = 796 start_va = 0x5300000 end_va = 0x53fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005300000" filename = "" Region: id = 797 start_va = 0x5130000 end_va = 0x513ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005130000" filename = "" Region: id = 798 start_va = 0x5140000 end_va = 0x514ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005140000" filename = "" Region: id = 799 start_va = 0x5150000 end_va = 0x515ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005150000" filename = "" Region: id = 800 start_va = 0x5400000 end_va = 0x57fafff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000005400000" filename = "" Region: id = 801 start_va = 0x450000 end_va = 0x48ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000450000" filename = "" Region: id = 802 start_va = 0x710000 end_va = 0x80ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000710000" filename = "" Region: id = 803 start_va = 0x5180000 end_va = 0x51bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005180000" filename = "" Region: id = 804 start_va = 0x51c0000 end_va = 0x51fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000051c0000" filename = "" Region: id = 805 start_va = 0x5230000 end_va = 0x523ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005230000" filename = "" Thread: id = 5 os_tid = 0x60 [0099.462] IsProcessorFeaturePresent (ProcessorFeature=0xa) returned 1 [0099.462] LoadLibraryExW (lpLibFileName="api-ms-win-core-synch-l1-2-0", hFile=0x0, dwFlags=0x800) returned 0x76c20000 [0099.462] GetProcAddress (hModule=0x76c20000, lpProcName="InitializeCriticalSectionEx") returned 0x76cdd740 [0099.463] LoadLibraryExW (lpLibFileName="api-ms-win-core-fibers-l1-1-1", hFile=0x0, dwFlags=0x800) returned 0x76c20000 [0099.463] GetProcAddress (hModule=0x76c20000, lpProcName="FlsAlloc") returned 0x76ce4490 [0099.463] GetProcAddress (hModule=0x76c20000, lpProcName="FlsSetValue") returned 0x76cdd7a0 [0099.501] LoadLibraryExW (lpLibFileName="api-ms-win-core-synch-l1-2-0", hFile=0x0, dwFlags=0x800) returned 0x76c20000 [0099.501] GetProcAddress (hModule=0x76c20000, lpProcName="InitializeCriticalSectionEx") returned 0x76cdd740 [0099.502] GetProcessHeap () returned 0x550000 [0099.502] LoadLibraryExW (lpLibFileName="api-ms-win-core-fibers-l1-1-1", hFile=0x0, dwFlags=0x800) returned 0x76c20000 [0099.502] GetProcAddress (hModule=0x76c20000, lpProcName="FlsAlloc") returned 0x76ce4490 [0099.502] GetLastError () returned 0x0 [0099.502] GetProcAddress (hModule=0x76c20000, lpProcName="FlsGetValue") returned 0x76ccf350 [0099.503] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x8, Size=0x364) returned 0x560e70 [0099.503] GetProcAddress (hModule=0x76c20000, lpProcName="FlsSetValue") returned 0x76cdd7a0 [0099.503] SetLastError (dwErrCode=0x0) [0099.503] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x8, Size=0xc00) returned 0x5611e0 [0099.505] GetStartupInfoW (in: lpStartupInfo=0x19fe98 | out: lpStartupInfo=0x19fe98*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Users\\RDhJ0CNFevzX\\Desktop\\9ff6781bac4d77465a973def710d9619cfa7fc6fe16a78225b7e22d3a89d0be0.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x4022f0, hStdOutput=0x2044be7b, hStdError=0xfffffffe)) [0099.505] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0099.505] GetStdHandle (nStdHandle=0xfffffff5) returned 0x0 [0099.505] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0099.505] GetCommandLineA () returned="\"C:\\Users\\RDhJ0CNFevzX\\Desktop\\9ff6781bac4d77465a973def710d9619cfa7fc6fe16a78225b7e22d3a89d0be0.exe\" " [0099.505] GetCommandLineW () returned="\"C:\\Users\\RDhJ0CNFevzX\\Desktop\\9ff6781bac4d77465a973def710d9619cfa7fc6fe16a78225b7e22d3a89d0be0.exe\" " [0099.505] GetLastError () returned 0x0 [0099.505] SetLastError (dwErrCode=0x0) [0099.505] GetLastError () returned 0x0 [0099.505] SetLastError (dwErrCode=0x0) [0099.505] GetACP () returned 0x4e4 [0099.505] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x220) returned 0x561de8 [0099.506] IsValidCodePage (CodePage=0x4e4) returned 1 [0099.506] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x19fec8 | out: lpCPInfo=0x19fec8) returned 1 [0099.506] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x19f790 | out: lpCPInfo=0x19f790) returned 1 [0099.506] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x19fda4, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0099.506] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x19fda4, cbMultiByte=256, lpWideCharStr=0x19f528, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0099.506] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpCharType=0x19f7a4 | out: lpCharType=0x19f7a4) returned 1 [0099.512] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x19fda4, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0099.512] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x19fda4, cbMultiByte=256, lpWideCharStr=0x19f4d8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0099.512] LoadLibraryExW (lpLibFileName="api-ms-win-core-localization-l1-2-1", hFile=0x0, dwFlags=0x800) returned 0x76c20000 [0099.513] GetProcAddress (hModule=0x76c20000, lpProcName="LCMapStringEx") returned 0x76cc95f0 [0099.513] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x0, cchDest=0, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=0x0) returned 256 [0099.513] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x19f2c8, cchDest=256, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȈ") returned 256 [0099.513] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȈ", cchWideChar=256, lpMultiByteStr=0x19fca4, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿóP\x1c àþ\x19", lpUsedDefaultChar=0x0) returned 256 [0099.513] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x19fda4, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0099.513] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x19fda4, cbMultiByte=256, lpWideCharStr=0x19f4f8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȈ") returned 256 [0099.513] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȈ", cchSrc=256, lpDestStr=0x0, cchDest=0, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=0x0) returned 256 [0099.513] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȈ", cchSrc=256, lpDestStr=0x19f2e8, cchDest=256, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸȈ") returned 256 [0099.513] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸȈ", cchWideChar=256, lpMultiByteStr=0x19fba4, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x8a\x9b\x8c\x9d\x8e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞ\x9f \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿóP\x1c àþ\x19", lpUsedDefaultChar=0x0) returned 256 [0099.523] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x80) returned 0x5574f8 [0099.523] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x412bf8, nSize=0x104 | out: lpFilename="C:\\Users\\RDhJ0CNFevzX\\Desktop\\9ff6781bac4d77465a973def710d9619cfa7fc6fe16a78225b7e22d3a89d0be0.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\9ff6781bac4d77465a973def710d9619cfa7fc6fe16a78225b7e22d3a89d0be0.exe")) returned 0x62 [0099.523] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x8, Size=0xce) returned 0x55a3f0 [0099.523] RtlInitializeSListHead (in: ListHead=0x4127f0 | out: ListHead=0x4127f0) [0099.523] GetLastError () returned 0x0 [0099.523] SetLastError (dwErrCode=0x0) [0099.523] GetEnvironmentStringsW () returned 0x562010* [0099.523] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0xa1a) returned 0x562a38 [0099.523] FreeEnvironmentStringsW (penv=0x562010) returned 1 [0099.523] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x8, Size=0x90) returned 0x553fc0 [0099.523] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x8, Size=0x3e) returned 0x55c250 [0099.523] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x8, Size=0x5c) returned 0x554458 [0099.524] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x8, Size=0x6e) returned 0x554088 [0099.524] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x8, Size=0x78) returned 0x5544e0 [0099.524] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x8, Size=0x62) returned 0x553a40 [0099.524] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x8, Size=0x28) returned 0x5537f0 [0099.524] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x8, Size=0x48) returned 0x553650 [0099.524] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x8, Size=0x1a) returned 0x5536a0 [0099.524] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x8, Size=0x3a) returned 0x55bd88 [0099.524] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x8, Size=0x62) returned 0x552850 [0099.524] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x8, Size=0x2a) returned 0x559280 [0099.524] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x8, Size=0x2e) returned 0x559328 [0099.524] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x8, Size=0x1c) returned 0x550580 [0099.524] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x8, Size=0xd2) returned 0x559af0 [0099.524] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x8, Size=0x7c) returned 0x553df8 [0099.524] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x8, Size=0x36) returned 0x55e380 [0099.524] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x8, Size=0x3a) returned 0x55bb00 [0099.524] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x8, Size=0x90) returned 0x557f68 [0099.524] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x8, Size=0x24) returned 0x553820 [0099.524] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x8, Size=0x30) returned 0x559590 [0099.524] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x8, Size=0x36) returned 0x55e300 [0099.524] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x8, Size=0x48) returned 0x5578e0 [0099.524] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x8, Size=0x52) returned 0x553868 [0099.524] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x8, Size=0x3c) returned 0x55c0e8 [0099.524] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x8, Size=0xd6) returned 0x559820 [0099.524] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x8, Size=0x2e) returned 0x5592b8 [0099.524] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x8, Size=0x1e) returned 0x557930 [0099.524] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x8, Size=0x2c) returned 0x5592f0 [0099.524] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x8, Size=0x54) returned 0x553ac8 [0099.525] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x8, Size=0x52) returned 0x559c20 [0099.525] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x8, Size=0x24) returned 0x5538c8 [0099.525] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x8, Size=0x42) returned 0x553b28 [0099.525] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x8, Size=0x2c) returned 0x559360 [0099.525] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x8, Size=0x44) returned 0x559c80 [0099.525] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x8, Size=0x24) returned 0x55a510 [0099.525] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x562a38 | out: hHeap=0x550000) returned 1 [0099.525] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x8, Size=0x800) returned 0x562010 [0099.528] IsProcessorFeaturePresent (ProcessorFeature=0xa) returned 1 [0099.528] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x401e29) returned 0x0 [0099.528] GetStartupInfoW (in: lpStartupInfo=0x19ff00 | out: lpStartupInfo=0x19ff00*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Users\\RDhJ0CNFevzX\\Desktop\\9ff6781bac4d77465a973def710d9619cfa7fc6fe16a78225b7e22d3a89d0be0.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0)) [0099.528] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0099.528] FindResourceW (hModule=0x400000, lpName=0x1, lpType=0xa) returned 0x415048 [0099.531] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0099.531] LoadResource (hModule=0x400000, hResInfo=0x415048) returned 0x415058 [0099.531] LockResource (hResData=0x415058) returned 0x415058 [0099.531] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0099.531] SizeofResource (hModule=0x400000, hResInfo=0x415048) returned 0x34939 [0103.325] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0103.330] RoInitialize () returned 0x1 [0103.330] RoUninitialize () returned 0x0 [0103.563] SafeArrayAccessData (in: psa=0x586958, ppvData=0x19fed8 | out: ppvData=0x19fed8) returned 0x0 [0103.564] SafeArrayUnaccessData (psa=0x586958) returned 0x0 [0103.662] SafeArrayGetDim (psa=0x586958) returned 0x1 [0103.662] SafeArrayGetDim (psa=0x586958) returned 0x1 [0103.662] SafeArrayGetLBound (in: psa=0x586958, nDim=0x1, plLbound=0x19fc54 | out: plLbound=0x19fc54) returned 0x0 [0103.662] SafeArrayGetVartype (in: psa=0x586958, pvt=0x19fbc4 | out: pvt=0x19fbc4) returned 0x0 [0103.819] SafeArrayAllocDescriptorEx (in: vt=0x19000d, cDims=0x1, ppsaOut=0x19fcbc | out: ppsaOut=0x19fcbc) returned 0x0 [0103.819] SafeArrayAllocData (psa=0x586b08) returned 0x0 [0103.819] CoInitialize (pvReserved=0x0) returned 0x80010106 [0103.819] VirtualAlloc (lpAddress=0x0, dwSize=0x24000, flAllocationType=0x3000, flProtect=0x40) returned 0x4650000 [0103.827] SafeArrayGetDim (psa=0x586ec8) returned 0x1 [0103.827] SafeArrayGetDim (psa=0x586ec8) returned 0x1 [0103.827] SafeArrayGetLBound (in: psa=0x586ec8, nDim=0x1, plLbound=0x19fc24 | out: plLbound=0x19fc24) returned 0x0 [0105.558] LookupPrivilegeValueW (in: lpSystemName=0x0, lpName="SeDebugPrivilege", lpLuid=0x19ea34 | out: lpLuid=0x19ea34*(LowPart=0x14, HighPart=0)) returned 1 [0105.568] GetCurrentProcess () returned 0xffffffff [0105.570] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x20, TokenHandle=0x19ea30 | out: TokenHandle=0x19ea30*=0x2a0) returned 1 [0105.571] AdjustTokenPrivileges (in: TokenHandle=0x2a0, DisableAllPrivileges=0, NewState=0x21d213c*(PrivilegesCount=0x1, Privileges=((Luid.LowPart=0x14, Luid.HighPart=0, Attributes=0x2))), BufferLength=0x0, PreviousState=0x0, ReturnLength=0x0 | out: PreviousState=0x0, ReturnLength=0x0) returned 1 [0105.574] CloseHandle (hObject=0x2a0) returned 1 [0105.593] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x320de08, Length=0x20000, ResultLength=0x19f110 | out: SystemInformation=0x320de08, ResultLength=0x19f110*=0x179f0) returned 0x0 [0105.713] GetComputerNameW (in: lpBuffer=0x19eee8, nSize=0x19f160 | out: lpBuffer="XC64ZB", nSize=0x19f160) returned 1 [0105.733] GetTimeZoneInformation (in: lpTimeZoneInformation=0x19ef1c | out: lpTimeZoneInformation=0x19ef1c) returned 0x2 [0105.747] GetDynamicTimeZoneInformation (in: pTimeZoneInformation=0x19ed70 | out: pTimeZoneInformation=0x19ed70) returned 0x2 [0105.773] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Time Zones\\W. Europe Standard Time", ulOptions=0x0, samDesired=0x20019, phkResult=0x19ee54 | out: phkResult=0x19ee54*=0x2ac) returned 0x0 [0105.774] RegQueryValueExW (in: hKey=0x2ac, lpValueName="TZI", lpReserved=0x0, lpType=0x19ee70, lpData=0x0, lpcbData=0x19ee6c*=0x0 | out: lpType=0x19ee70*=0x3, lpData=0x0, lpcbData=0x19ee6c*=0x2c) returned 0x0 [0105.775] RegQueryValueExW (in: hKey=0x2ac, lpValueName="TZI", lpReserved=0x0, lpType=0x19ee70, lpData=0x22001d4, lpcbData=0x19ee6c*=0x2c | out: lpType=0x19ee70*=0x3, lpData=0x22001d4*, lpcbData=0x19ee6c*=0x2c) returned 0x0 [0105.776] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Time Zones\\W. Europe Standard Time\\Dynamic DST", ulOptions=0x0, samDesired=0x20019, phkResult=0x19eca8 | out: phkResult=0x19eca8*=0x0) returned 0x2 [0105.777] RegQueryValueExW (in: hKey=0x2ac, lpValueName="MUI_Display", lpReserved=0x0, lpType=0x19ee48, lpData=0x0, lpcbData=0x19ee44*=0x0 | out: lpType=0x19ee48*=0x1, lpData=0x0, lpcbData=0x19ee44*=0x20) returned 0x0 [0105.777] RegQueryValueExW (in: hKey=0x2ac, lpValueName="MUI_Display", lpReserved=0x0, lpType=0x19ee48, lpData=0x22006e0, lpcbData=0x19ee44*=0x20 | out: lpType=0x19ee48*=0x1, lpData="@tzres.dll,-320", lpcbData=0x19ee44*=0x20) returned 0x0 [0105.777] RegQueryValueExW (in: hKey=0x2ac, lpValueName="MUI_Std", lpReserved=0x0, lpType=0x19ee48, lpData=0x0, lpcbData=0x19ee44*=0x0 | out: lpType=0x19ee48*=0x1, lpData=0x0, lpcbData=0x19ee44*=0x20) returned 0x0 [0105.777] RegQueryValueExW (in: hKey=0x2ac, lpValueName="MUI_Std", lpReserved=0x0, lpType=0x19ee48, lpData=0x2200738, lpcbData=0x19ee44*=0x20 | out: lpType=0x19ee48*=0x1, lpData="@tzres.dll,-322", lpcbData=0x19ee44*=0x20) returned 0x0 [0105.777] RegQueryValueExW (in: hKey=0x2ac, lpValueName="MUI_Dlt", lpReserved=0x0, lpType=0x19ee48, lpData=0x0, lpcbData=0x19ee44*=0x0 | out: lpType=0x19ee48*=0x1, lpData=0x0, lpcbData=0x19ee44*=0x20) returned 0x0 [0105.777] RegQueryValueExW (in: hKey=0x2ac, lpValueName="MUI_Dlt", lpReserved=0x0, lpType=0x19ee48, lpData=0x2200790, lpcbData=0x19ee44*=0x20 | out: lpType=0x19ee48*=0x1, lpData="@tzres.dll,-321", lpcbData=0x19ee44*=0x20) returned 0x0 [0105.795] CoTaskMemAlloc (cb=0x20c) returned 0x5dd868 [0105.795] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0x5dd868 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0105.801] CoTaskMemFree (pv=0x5dd868) [0105.805] CoTaskMemAlloc (cb=0x20c) returned 0x5dd868 [0105.805] GetFileMUIPath (in: dwFlags=0x10, pcwszFilePath="C:\\Windows\\system32\\tzres.dll", pwszLanguage=0x0, pcchLanguage=0x19ee64, pwszFileMUIPath=0x5dd868, pcchFileMUIPath=0x19ee68, pululEnumerator=0x19ee5c | out: pwszLanguage=0x0, pcchLanguage=0x19ee64, pwszFileMUIPath="C:\\Windows\\system32\\en-US\\tzres.dll.mui", pcchFileMUIPath=0x19ee68, pululEnumerator=0x19ee5c) returned 1 [0105.825] CoTaskMemFree (pv=0x0) [0105.825] CoTaskMemFree (pv=0x5dd868) [0105.825] LoadLibraryExW (lpLibFileName="C:\\Windows\\system32\\en-US\\tzres.dll.mui", hFile=0x0, dwFlags=0x2) returned 0x2080001 [0105.847] CoTaskMemAlloc (cb=0x3ec) returned 0x5e90d8 [0105.847] LoadStringW (in: hInstance=0x2080001, uID=0x140, lpBuffer=0x5e90d8, cchBufferMax=500 | out: lpBuffer="(UTC+01:00) Amsterdam, Berlin, Bern, Rome, Stockholm, Vienna") returned 0x3c [0105.848] CoTaskMemFree (pv=0x5e90d8) [0105.849] FreeLibrary (hLibModule=0x2080001) returned 1 [0105.850] CoTaskMemAlloc (cb=0x20c) returned 0x5dd868 [0105.850] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0x5dd868 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0105.851] CoTaskMemFree (pv=0x5dd868) [0105.851] CoTaskMemAlloc (cb=0x20c) returned 0x5dd868 [0105.851] GetFileMUIPath (in: dwFlags=0x10, pcwszFilePath="C:\\Windows\\system32\\tzres.dll", pwszLanguage=0x0, pcchLanguage=0x19ee64, pwszFileMUIPath=0x5dd868, pcchFileMUIPath=0x19ee68, pululEnumerator=0x19ee5c | out: pwszLanguage=0x0, pcchLanguage=0x19ee64, pwszFileMUIPath="C:\\Windows\\system32\\en-US\\tzres.dll.mui", pcchFileMUIPath=0x19ee68, pululEnumerator=0x19ee5c) returned 1 [0105.855] CoTaskMemFree (pv=0x0) [0105.855] CoTaskMemFree (pv=0x5dd868) [0105.855] LoadLibraryExW (lpLibFileName="C:\\Windows\\system32\\en-US\\tzres.dll.mui", hFile=0x0, dwFlags=0x2) returned 0x2080001 [0105.859] CoTaskMemAlloc (cb=0x3ec) returned 0x5e90d8 [0105.859] LoadStringW (in: hInstance=0x2080001, uID=0x142, lpBuffer=0x5e90d8, cchBufferMax=500 | out: lpBuffer="W. Europe Standard Time") returned 0x17 [0105.859] CoTaskMemFree (pv=0x5e90d8) [0105.859] FreeLibrary (hLibModule=0x2080001) returned 1 [0105.860] CoTaskMemAlloc (cb=0x20c) returned 0x5dd868 [0105.860] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0x5dd868 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0105.860] CoTaskMemFree (pv=0x5dd868) [0105.860] CoTaskMemAlloc (cb=0x20c) returned 0x5dd868 [0105.860] GetFileMUIPath (in: dwFlags=0x10, pcwszFilePath="C:\\Windows\\system32\\tzres.dll", pwszLanguage=0x0, pcchLanguage=0x19ee64, pwszFileMUIPath=0x5dd868, pcchFileMUIPath=0x19ee68, pululEnumerator=0x19ee5c | out: pwszLanguage=0x0, pcchLanguage=0x19ee64, pwszFileMUIPath="C:\\Windows\\system32\\en-US\\tzres.dll.mui", pcchFileMUIPath=0x19ee68, pululEnumerator=0x19ee5c) returned 1 [0105.863] CoTaskMemFree (pv=0x0) [0105.863] CoTaskMemFree (pv=0x5dd868) [0105.863] LoadLibraryExW (lpLibFileName="C:\\Windows\\system32\\en-US\\tzres.dll.mui", hFile=0x0, dwFlags=0x2) returned 0x2080001 [0105.873] CoTaskMemAlloc (cb=0x3ec) returned 0x5e90d8 [0105.873] LoadStringW (in: hInstance=0x2080001, uID=0x141, lpBuffer=0x5e90d8, cchBufferMax=500 | out: lpBuffer="W. Europe Daylight Time") returned 0x17 [0105.873] CoTaskMemFree (pv=0x5e90d8) [0105.873] FreeLibrary (hLibModule=0x2080001) returned 1 [0105.875] RegCloseKey (hKey=0x2ac) returned 0x0 [0107.045] GetACP () returned 0x4e4 [0107.164] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Windows NT\\CurrentVersion", ulOptions=0x0, samDesired=0x20019, phkResult=0x19e1ac | out: phkResult=0x19e1ac*=0x2bc) returned 0x0 [0107.164] RegQueryValueExW (in: hKey=0x2bc, lpValueName="InstallationType", lpReserved=0x0, lpType=0x19e1cc, lpData=0x0, lpcbData=0x19e1c8*=0x0 | out: lpType=0x19e1cc*=0x1, lpData=0x0, lpcbData=0x19e1c8*=0xe) returned 0x0 [0107.165] RegQueryValueExW (in: hKey=0x2bc, lpValueName="InstallationType", lpReserved=0x0, lpType=0x19e1cc, lpData=0x220a024, lpcbData=0x19e1c8*=0xe | out: lpType=0x19e1cc*=0x1, lpData="Client", lpcbData=0x19e1c8*=0xe) returned 0x0 [0107.166] RegCloseKey (hKey=0x2bc) returned 0x0 [0107.666] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\9ff6781bac4d77465a973def710d9619cfa7fc6fe16a78225b7e22d3a89d0be0.exe.config", nBufferLength=0x105, lpBuffer=0x19db68, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\9ff6781bac4d77465a973def710d9619cfa7fc6fe16a78225b7e22d3a89d0be0.exe.config", lpFilePart=0x0) returned 0x69 [0107.666] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\9ff6781bac4d77465a973def710d9619cfa7fc6fe16a78225b7e22d3a89d0be0.exe.config", nBufferLength=0x105, lpBuffer=0x19db10, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\9ff6781bac4d77465a973def710d9619cfa7fc6fe16a78225b7e22d3a89d0be0.exe.config", lpFilePart=0x0) returned 0x69 [0107.671] CoTaskMemAlloc (cb=0x20c) returned 0x5ed5d8 [0107.672] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x5ed5d8, nSize=0x104 | out: lpFilename="C:\\Users\\RDhJ0CNFevzX\\Desktop\\9ff6781bac4d77465a973def710d9619cfa7fc6fe16a78225b7e22d3a89d0be0.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\9ff6781bac4d77465a973def710d9619cfa7fc6fe16a78225b7e22d3a89d0be0.exe")) returned 0x62 [0107.673] CoTaskMemFree (pv=0x5ed5d8) [0107.674] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\9ff6781bac4d77465a973def710d9619cfa7fc6fe16a78225b7e22d3a89d0be0.exe", nBufferLength=0x105, lpBuffer=0x19dbb4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\9ff6781bac4d77465a973def710d9619cfa7fc6fe16a78225b7e22d3a89d0be0.exe", lpFilePart=0x0) returned 0x62 [0108.336] GetCurrentProcess () returned 0xffffffff [0108.337] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x19dec8 | out: TokenHandle=0x19dec8*=0x2bc) returned 1 [0108.361] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\", nBufferLength=0x105, lpBuffer=0x19d9a4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\", lpFilePart=0x0) returned 0x2e [0108.365] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\config\\machine.config"), fInfoLevelId=0x0, lpFileInformation=0x19dec8 | out: lpFileInformation=0x19dec8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x56a29ff, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97df7583, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97df7583, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x8c8f)) returned 1 [0108.367] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", nBufferLength=0x105, lpBuffer=0x19d970, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", lpFilePart=0x0) returned 0x43 [0108.368] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\config\\machine.config"), fInfoLevelId=0x0, lpFileInformation=0x19dec8 | out: lpFileInformation=0x19dec8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x56a29ff, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97df7583, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97df7583, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x8c8f)) returned 1 [0108.371] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", nBufferLength=0x105, lpBuffer=0x19d900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", lpFilePart=0x0) returned 0x43 [0108.373] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19ddf4) returned 1 [0108.374] CreateFileW (lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\config\\machine.config"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2b4 [0108.375] GetFileType (hFile=0x2b4) returned 0x1 [0108.375] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19ddf0) returned 1 [0108.375] GetFileType (hFile=0x2b4) returned 0x1 [0108.418] GetFileSize (in: hFile=0x2b4, lpFileSizeHigh=0x19debc | out: lpFileSizeHigh=0x19debc*=0x0) returned 0x8c8f [0108.419] ReadFile (in: hFile=0x2b4, lpBuffer=0x220dcb4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19de78, lpOverlapped=0x0 | out: lpBuffer=0x220dcb4*, lpNumberOfBytesRead=0x19de78*=0x1000, lpOverlapped=0x0) returned 1 [0108.466] ReadFile (in: hFile=0x2b4, lpBuffer=0x220dcb4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19dd14, lpOverlapped=0x0 | out: lpBuffer=0x220dcb4*, lpNumberOfBytesRead=0x19dd14*=0x1000, lpOverlapped=0x0) returned 1 [0108.474] ReadFile (in: hFile=0x2b4, lpBuffer=0x220dcb4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19dbc8, lpOverlapped=0x0 | out: lpBuffer=0x220dcb4*, lpNumberOfBytesRead=0x19dbc8*=0x1000, lpOverlapped=0x0) returned 1 [0108.495] ReadFile (in: hFile=0x2b4, lpBuffer=0x220dcb4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19dbc8, lpOverlapped=0x0 | out: lpBuffer=0x220dcb4*, lpNumberOfBytesRead=0x19dbc8*=0x1000, lpOverlapped=0x0) returned 1 [0108.495] ReadFile (in: hFile=0x2b4, lpBuffer=0x220dcb4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19dbc8, lpOverlapped=0x0 | out: lpBuffer=0x220dcb4*, lpNumberOfBytesRead=0x19dbc8*=0x1000, lpOverlapped=0x0) returned 1 [0108.496] ReadFile (in: hFile=0x2b4, lpBuffer=0x220dcb4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19db00, lpOverlapped=0x0 | out: lpBuffer=0x220dcb4*, lpNumberOfBytesRead=0x19db00*=0x1000, lpOverlapped=0x0) returned 1 [0108.512] ReadFile (in: hFile=0x2b4, lpBuffer=0x220dcb4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19dc7c, lpOverlapped=0x0 | out: lpBuffer=0x220dcb4*, lpNumberOfBytesRead=0x19dc7c*=0x1000, lpOverlapped=0x0) returned 1 [0108.517] ReadFile (in: hFile=0x2b4, lpBuffer=0x220dcb4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19db90, lpOverlapped=0x0 | out: lpBuffer=0x220dcb4*, lpNumberOfBytesRead=0x19db90*=0x1000, lpOverlapped=0x0) returned 1 [0108.517] ReadFile (in: hFile=0x2b4, lpBuffer=0x220dcb4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19db90, lpOverlapped=0x0 | out: lpBuffer=0x220dcb4*, lpNumberOfBytesRead=0x19db90*=0xc8f, lpOverlapped=0x0) returned 1 [0108.517] ReadFile (in: hFile=0x2b4, lpBuffer=0x220dcb4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19dc50, lpOverlapped=0x0 | out: lpBuffer=0x220dcb4*, lpNumberOfBytesRead=0x19dc50*=0x0, lpOverlapped=0x0) returned 1 [0108.518] CloseHandle (hObject=0x2b4) returned 1 [0108.519] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\9ff6781bac4d77465a973def710d9619cfa7fc6fe16a78225b7e22d3a89d0be0.exe.config", nBufferLength=0x105, lpBuffer=0x19db6c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\9ff6781bac4d77465a973def710d9619cfa7fc6fe16a78225b7e22d3a89d0be0.exe.config", lpFilePart=0x0) returned 0x69 [0108.519] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\9ff6781bac4d77465a973def710d9619cfa7fc6fe16a78225b7e22d3a89d0be0.exe.config", nBufferLength=0x105, lpBuffer=0x19db14, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\9ff6781bac4d77465a973def710d9619cfa7fc6fe16a78225b7e22d3a89d0be0.exe.config", lpFilePart=0x0) returned 0x69 [0108.519] CoTaskMemAlloc (cb=0x20c) returned 0x5e9ce0 [0108.519] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x5e9ce0, nSize=0x104 | out: lpFilename="C:\\Users\\RDhJ0CNFevzX\\Desktop\\9ff6781bac4d77465a973def710d9619cfa7fc6fe16a78225b7e22d3a89d0be0.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\9ff6781bac4d77465a973def710d9619cfa7fc6fe16a78225b7e22d3a89d0be0.exe")) returned 0x62 [0108.519] CoTaskMemFree (pv=0x5e9ce0) [0108.520] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\9ff6781bac4d77465a973def710d9619cfa7fc6fe16a78225b7e22d3a89d0be0.exe", nBufferLength=0x105, lpBuffer=0x19dbb8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\9ff6781bac4d77465a973def710d9619cfa7fc6fe16a78225b7e22d3a89d0be0.exe", lpFilePart=0x0) returned 0x62 [0108.520] GetCurrentProcess () returned 0xffffffff [0108.520] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x19dff0 | out: TokenHandle=0x19dff0*=0x2b4) returned 1 [0108.521] GetCurrentProcess () returned 0xffffffff [0108.521] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x19dff0 | out: TokenHandle=0x19dff0*=0x2c0) returned 1 [0108.522] GetCurrentProcess () returned 0xffffffff [0108.522] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x19dec8 | out: TokenHandle=0x19dec8*=0x2c4) returned 1 [0108.522] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\9ff6781bac4d77465a973def710d9619cfa7fc6fe16a78225b7e22d3a89d0be0.exe.config" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\9ff6781bac4d77465a973def710d9619cfa7fc6fe16a78225b7e22d3a89d0be0.exe.config"), fInfoLevelId=0x0, lpFileInformation=0x19dec8 | out: lpFileInformation=0x19dec8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0108.523] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\9ff6781bac4d77465a973def710d9619cfa7fc6fe16a78225b7e22d3a89d0be0.exe.config", nBufferLength=0x105, lpBuffer=0x19d970, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\9ff6781bac4d77465a973def710d9619cfa7fc6fe16a78225b7e22d3a89d0be0.exe.config", lpFilePart=0x0) returned 0x69 [0108.523] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\9ff6781bac4d77465a973def710d9619cfa7fc6fe16a78225b7e22d3a89d0be0.exe.config" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\9ff6781bac4d77465a973def710d9619cfa7fc6fe16a78225b7e22d3a89d0be0.exe.config"), fInfoLevelId=0x0, lpFileInformation=0x19dec8 | out: lpFileInformation=0x19dec8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0108.524] GetCurrentProcess () returned 0xffffffff [0108.524] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x19dff0 | out: TokenHandle=0x19dff0*=0x2c8) returned 1 [0108.524] GetCurrentProcess () returned 0xffffffff [0108.524] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x19dff0 | out: TokenHandle=0x19dff0*=0x2cc) returned 1 [0108.555] GetCurrentProcess () returned 0xffffffff [0108.555] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x19ddb4 | out: TokenHandle=0x19ddb4*=0x2d0) returned 1 [0108.582] GetCurrentProcess () returned 0xffffffff [0108.582] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x19ddc8 | out: TokenHandle=0x19ddc8*=0x2d4) returned 1 [0109.276] CoTaskMemAlloc (cb=0xcc0) returned 0x5f43e8 [0109.277] RasEnumConnectionsW (in: param_1=0x5f43e8, param_2=0x19f070, param_3=0x19f074 | out: param_1=0x5f43e8, param_2=0x19f070, param_3=0x19f074) returned 0x0 [0109.514] CoTaskMemFree (pv=0x5f43e8) [0109.888] WSAStartup (in: wVersionRequired=0x202, lpWSAData=0x19ee58 | out: lpWSAData=0x19ee58) returned 0 [0109.900] WSASocketW (af=2, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x0) returned 0x330 [0110.221] setsockopt (s=0x330, level=65535, optname=128, optval="\x01", optlen=4) returned -1 [0110.221] closesocket (s=0x330) returned 0 [0110.222] WSASocketW (af=23, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x0) returned 0x330 [0110.223] setsockopt (s=0x330, level=65535, optname=128, optval="\x01", optlen=4) returned -1 [0110.223] closesocket (s=0x330) returned 0 [0110.229] GetCurrentProcess () returned 0xffffffff [0110.229] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x19ec0c | out: TokenHandle=0x19ec0c*=0x330) returned 1 [0110.243] GetCurrentProcess () returned 0xffffffff [0110.243] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x19ec20 | out: TokenHandle=0x19ec20*=0x334) returned 1 [0110.288] WSASocketW (af=2, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x338 [0110.293] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x33c [0110.294] ioctlsocket (in: s=0x338, cmd=-2147195266, argp=0x19f078 | out: argp=0x19f078) returned 0 [0110.295] WSASocketW (af=23, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x340 [0110.295] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x344 [0110.295] ioctlsocket (in: s=0x340, cmd=-2147195266, argp=0x19f078 | out: argp=0x19f078) returned 0 [0110.299] WSAIoctl (in: s=0x338, dwIoControlCode=0x28000017, lpvInBuffer=0x0, cbInBuffer=0x0, lpvOutBuffer=0x0, cbOutBuffer=0x0, lpcbBytesReturned=0x19f060, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpvOutBuffer=0x0, lpcbBytesReturned=0x19f060, lpOverlapped=0x0) returned -1 [0110.302] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x2733, dwLanguageId=0x0, lpBuffer=0x19ed90, nSize=0x101, Arguments=0x0 | out: lpBuffer="A non-blocking socket operation could not be completed immediately.\r\n") returned 0x45 [0110.318] WSAEventSelect (s=0x338, hEventObject=0x33c, lNetworkEvents=512) returned 0 [0110.319] WSAIoctl (in: s=0x340, dwIoControlCode=0x28000017, lpvInBuffer=0x0, cbInBuffer=0x0, lpvOutBuffer=0x0, cbOutBuffer=0x0, lpcbBytesReturned=0x19f060, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpvOutBuffer=0x0, lpcbBytesReturned=0x19f060, lpOverlapped=0x0) returned -1 [0110.319] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x2733, dwLanguageId=0x0, lpBuffer=0x19ed90, nSize=0x101, Arguments=0x0 | out: lpBuffer="A non-blocking socket operation could not be completed immediately.\r\n") returned 0x45 [0110.319] WSAEventSelect (s=0x340, hEventObject=0x344, lNetworkEvents=512) returned 0 [0110.319] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x34c [0110.320] RasConnectionNotificationW (param_1=0xffffffff, param_2=0x34c, param_3=0x3) returned 0x0 [0110.333] RegOpenCurrentUser (in: samDesired=0x20019, phkResult=0x19f08c | out: phkResult=0x19f08c*=0x364) returned 0x0 [0110.334] RegOpenKeyExW (in: hKey=0x364, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections", ulOptions=0x0, samDesired=0x20019, phkResult=0x19f03c | out: phkResult=0x19f03c*=0x368) returned 0x0 [0110.334] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x36c [0110.335] RegNotifyChangeKeyValue (hKey=0x368, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x36c, fAsynchronous=1) returned 0x0 [0110.336] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections", ulOptions=0x0, samDesired=0x20019, phkResult=0x19f040 | out: phkResult=0x19f040*=0x370) returned 0x0 [0110.336] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x374 [0110.336] RegNotifyChangeKeyValue (hKey=0x370, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x374, fAsynchronous=1) returned 0x0 [0110.336] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings", ulOptions=0x0, samDesired=0x20019, phkResult=0x19f040 | out: phkResult=0x19f040*=0x378) returned 0x0 [0110.337] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x37c [0110.337] RegNotifyChangeKeyValue (hKey=0x378, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x37c, fAsynchronous=1) returned 0x0 [0110.337] GetCurrentProcess () returned 0xffffffff [0110.337] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x19f034 | out: TokenHandle=0x19f034*=0x380) returned 1 [0110.343] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework", ulOptions=0x0, samDesired=0x20019, phkResult=0x19e940 | out: phkResult=0x19e940*=0x384) returned 0x0 [0110.343] RegQueryValueExW (in: hKey=0x384, lpValueName="LegacyWPADSupport", lpReserved=0x0, lpType=0x19e95c, lpData=0x0, lpcbData=0x19e958*=0x0 | out: lpType=0x19e95c*=0x0, lpData=0x0, lpcbData=0x19e958*=0x0) returned 0x2 [0110.343] RegCloseKey (hKey=0x384) returned 0x0 [0110.909] WinHttpOpen (pszAgentW=0x0, dwAccessType=0x1, pszProxyW=0x0, pszProxyBypassW=0x0, dwFlags=0x0) returned 0x5fa680 [0111.470] WinHttpSetTimeouts (hInternet=0x5fa680, nResolveTimeout=60000, nConnectTimeout=60000, nSendTimeout=60000, nReceiveTimeout=60000) returned 1 [0111.471] WinHttpGetIEProxyConfigForCurrentUser (in: pProxyConfig=0x19f040 | out: pProxyConfig=0x19f040) returned 1 [0111.954] SystemFunction041 (in: Memory=0x5ede94, MemorySize=0x10, OptionFlags=0x0 | out: Memory=0x5ede94) returned 0x0 [0111.965] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x3d8 [0111.965] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x3e4 [0111.973] GetCurrentProcess () returned 0xffffffff [0111.974] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x19ec2c | out: TokenHandle=0x19ec2c*=0x3e8) returned 1 [0111.977] GetCurrentProcess () returned 0xffffffff [0111.977] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x19ec40 | out: TokenHandle=0x19ec40*=0x3ec) returned 1 [0111.981] QueryPerformanceFrequency (in: lpFrequency=0x4c5b80 | out: lpFrequency=0x4c5b80*=100000000) returned 1 [0111.982] QueryPerformanceCounter (in: lpPerformanceCount=0x19f048 | out: lpPerformanceCount=0x19f048*=2246971583342) returned 1 [0111.984] GetCurrentProcess () returned 0xffffffff [0111.984] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x19ec10 | out: TokenHandle=0x19ec10*=0x3f0) returned 1 [0111.991] GetCurrentProcess () returned 0xffffffff [0111.991] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x19ec24 | out: TokenHandle=0x19ec24*=0x3f4) returned 1 [0111.995] GetCurrentProcess () returned 0xffffffff [0111.995] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x19ef30 | out: TokenHandle=0x19ef30*=0x3f8) returned 1 [0111.996] RegOpenCurrentUser (in: samDesired=0x20019, phkResult=0x19ef5c | out: phkResult=0x19ef5c*=0x3fc) returned 0x0 [0111.996] RegOpenKeyExW (in: hKey=0x3fc, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections", ulOptions=0x0, samDesired=0x20019, phkResult=0x19ef0c | out: phkResult=0x19ef0c*=0x404) returned 0x0 [0111.996] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x408 [0111.996] RegNotifyChangeKeyValue (hKey=0x404, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x408, fAsynchronous=1) returned 0x0 [0111.997] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections", ulOptions=0x0, samDesired=0x20019, phkResult=0x19ef10 | out: phkResult=0x19ef10*=0x40c) returned 0x0 [0111.997] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x410 [0111.997] RegNotifyChangeKeyValue (hKey=0x40c, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x410, fAsynchronous=1) returned 0x0 [0111.998] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings", ulOptions=0x0, samDesired=0x20019, phkResult=0x19ef10 | out: phkResult=0x19ef10*=0x414) returned 0x0 [0111.998] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x418 [0111.998] RegNotifyChangeKeyValue (hKey=0x414, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x418, fAsynchronous=1) returned 0x0 [0111.998] GetCurrentProcess () returned 0xffffffff [0111.998] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x19ef04 | out: TokenHandle=0x19ef04*=0x41c) returned 1 [0111.998] WinHttpOpen (pszAgentW=0x0, dwAccessType=0x1, pszProxyW=0x0, pszProxyBypassW=0x0, dwFlags=0x0) returned 0x5f8fa0 [0111.999] WinHttpSetTimeouts (hInternet=0x5f8fa0, nResolveTimeout=60000, nConnectTimeout=60000, nSendTimeout=60000, nReceiveTimeout=60000) returned 1 [0111.999] WinHttpGetIEProxyConfigForCurrentUser (in: pProxyConfig=0x19ef10 | out: pProxyConfig=0x19ef10) returned 1 [0112.019] CoTaskMemAlloc (cb=0x20c) returned 0x60ae90 [0112.019] GetEnvironmentVariableW (in: lpName="PinnableBufferCache_System.Net.HttpWebRequest_Disabled", lpBuffer=0x60ae90, nSize=0x104 | out: lpBuffer="") returned 0x0 [0112.019] CoTaskMemFree (pv=0x60ae90) [0112.019] CoTaskMemAlloc (cb=0x20c) returned 0x60ae90 [0112.019] GetEnvironmentVariableW (in: lpName="PinnableBufferCache_System.Net.HttpWebRequest_MinCount", lpBuffer=0x60ae90, nSize=0x104 | out: lpBuffer="") returned 0x0 [0112.019] CoTaskMemFree (pv=0x60ae90) [0112.030] EtwEventRegister (in: ProviderId=0x2233464, EnableCallback=0x4794146, CallbackContext=0x0, RegHandle=0x2233440 | out: RegHandle=0x2233440) returned 0x0 [0112.034] EtwEventSetInformation (RegHandle=0x55f148, InformationClass=0x3e, EventInformation=0x2, InformationLength=0x2233400) returned 0x0 [0112.036] GetCurrentProcess () returned 0xffffffff [0112.036] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x19ebd8 | out: TokenHandle=0x19ebd8*=0x428) returned 1 [0112.038] GetCurrentProcess () returned 0xffffffff [0112.038] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x19ebec | out: TokenHandle=0x19ebec*=0x42c) returned 1 [0112.064] GetCurrentProcess () returned 0xffffffff [0112.064] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x19eb7c | out: TokenHandle=0x19eb7c*=0x430) returned 1 [0112.065] GetCurrentProcess () returned 0xffffffff [0112.065] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x19eb90 | out: TokenHandle=0x19eb90*=0x434) returned 1 [0112.068] SetEvent (hEvent=0x3d8) returned 1 [0112.080] EtwEventRegister (in: ProviderId=0x2235ea4, EnableCallback=0x479416e, CallbackContext=0x0, RegHandle=0x2235e80 | out: RegHandle=0x2235e80) returned 0x0 [0112.080] EtwEventSetInformation (RegHandle=0x55f218, InformationClass=0x3f, EventInformation=0x2, InformationLength=0x2235e44) returned 0x0 [0112.082] SetEvent (hEvent=0x3d8) returned 1 [0112.092] GetNetworkParams (in: pFixedInfo=0x0, pOutBufLen=0x19eec4 | out: pFixedInfo=0x0, pOutBufLen=0x19eec4) returned 0x6f [0112.819] LocalAlloc (uFlags=0x0, uBytes=0x248) returned 0x60bc88 [0112.819] GetNetworkParams (in: pFixedInfo=0x60bc88, pOutBufLen=0x19eec4 | out: pFixedInfo=0x60bc88, pOutBufLen=0x19eec4) returned 0x0 [0112.837] LocalFree (hMem=0x60bc88) returned 0x0 [0112.839] CoTaskMemAlloc (cb=0x20c) returned 0x60bc88 [0112.840] GetEnvironmentVariableW (in: lpName="PinnableBufferCache_System.Net.Connection_Disabled", lpBuffer=0x60bc88, nSize=0x104 | out: lpBuffer="") returned 0x0 [0112.840] CoTaskMemFree (pv=0x60bc88) [0112.840] CoTaskMemAlloc (cb=0x20c) returned 0x60bc88 [0112.840] GetEnvironmentVariableW (in: lpName="PinnableBufferCache_System.Net.Connection_MinCount", lpBuffer=0x60bc88, nSize=0x104 | out: lpBuffer="") returned 0x0 [0112.840] CoTaskMemFree (pv=0x60bc88) [0112.849] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x490 [0112.851] WSASocketW (af=23, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x464 [0112.852] GetAddrInfoW (in: pNodeName="checkip.dyndns.org", pServiceName=0x0, pHints=0x19edb4*(ai_flags=2, ai_family=0, ai_socktype=0, ai_protocol=0, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19ed5c | out: ppResult=0x19ed5c*=0x5f2b50*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname="checkip.dyndns.com", ai_addr=0x60a8c0*(sa_family=2, sin_port=0x0, sin_addr="132.226.247.73"), ai_next=0x5f2c18*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x60a860*(sa_family=2, sin_port=0x0, sin_addr="216.146.43.70"), ai_next=0x5f2c90*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x60a8d8*(sa_family=2, sin_port=0x0, sin_addr="158.101.44.242"), ai_next=0x5f2ba0*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x60a8f0*(sa_family=2, sin_port=0x0, sin_addr="132.226.8.169"), ai_next=0x5f2bf0*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x60a908*(sa_family=2, sin_port=0x0, sin_addr="216.146.43.71"), ai_next=0x5f2c40*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x590b68*(sa_family=2, sin_port=0x0, sin_addr="193.122.130.0"), ai_next=0x5f2cb8*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x590bb0*(sa_family=2, sin_port=0x0, sin_addr="193.122.6.168"), ai_next=0x0)))))))) returned 0 [0113.170] FreeAddrInfoW (pAddrInfo=0x5f2b50*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname="checkip.dyndns.com", ai_addr=0x60a8c0*(sa_family=2, sin_port=0x0, sin_addr="132.226.247.73"), ai_next=0x5f2c18*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x60a860*(sa_family=2, sin_port=0x0, sin_addr="216.146.43.70"), ai_next=0x5f2c90*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x60a8d8*(sa_family=2, sin_port=0x0, sin_addr="158.101.44.242"), ai_next=0x5f2ba0*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x60a8f0*(sa_family=2, sin_port=0x0, sin_addr="132.226.8.169"), ai_next=0x5f2bf0*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x60a908*(sa_family=2, sin_port=0x0, sin_addr="216.146.43.71"), ai_next=0x5f2c40*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x590b68*(sa_family=2, sin_port=0x0, sin_addr="193.122.130.0"), ai_next=0x5f2cb8*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x590bb0*(sa_family=2, sin_port=0x0, sin_addr="193.122.6.168"), ai_next=0x0)))))))) [0113.172] GetAddrInfoW (in: pNodeName="checkip.dyndns.org", pServiceName=0x0, pHints=0x19edb4*(ai_flags=131072, ai_family=0, ai_socktype=0, ai_protocol=0, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19ed5c | out: ppResult=0x19ed5c*=0x5f2d80*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname="checkip.dyndns.org", ai_addr=0x60a8f0*(sa_family=2, sin_port=0x0, sin_addr="132.226.247.73"), ai_next=0x5f2b50*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x60a860*(sa_family=2, sin_port=0x0, sin_addr="216.146.43.70"), ai_next=0x5f2ba0*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x60a8c0*(sa_family=2, sin_port=0x0, sin_addr="158.101.44.242"), ai_next=0x5f2d30*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x60a8d8*(sa_family=2, sin_port=0x0, sin_addr="132.226.8.169"), ai_next=0x5f2c90*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x60a908*(sa_family=2, sin_port=0x0, sin_addr="216.146.43.71"), ai_next=0x5f2bf0*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x60a878*(sa_family=2, sin_port=0x0, sin_addr="193.122.130.0"), ai_next=0x5f2cb8*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x590928*(sa_family=2, sin_port=0x0, sin_addr="193.122.6.168"), ai_next=0x0)))))))) returned 0 [0113.179] FreeAddrInfoW (pAddrInfo=0x5f2d80*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname="checkip.dyndns.org", ai_addr=0x60a8f0*(sa_family=2, sin_port=0x0, sin_addr="132.226.247.73"), ai_next=0x5f2b50*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x60a860*(sa_family=2, sin_port=0x0, sin_addr="216.146.43.70"), ai_next=0x5f2ba0*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x60a8c0*(sa_family=2, sin_port=0x0, sin_addr="158.101.44.242"), ai_next=0x5f2d30*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x60a8d8*(sa_family=2, sin_port=0x0, sin_addr="132.226.8.169"), ai_next=0x5f2c90*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x60a908*(sa_family=2, sin_port=0x0, sin_addr="216.146.43.71"), ai_next=0x5f2bf0*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x60a878*(sa_family=2, sin_port=0x0, sin_addr="193.122.130.0"), ai_next=0x5f2cb8*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x590928*(sa_family=2, sin_port=0x0, sin_addr="193.122.6.168"), ai_next=0x0)))))))) [0113.180] WSASocketW (af=2, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x4bc [0113.180] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x4c0 [0113.180] ioctlsocket (in: s=0x4bc, cmd=-2147195266, argp=0x19ed8c | out: argp=0x19ed8c) returned 0 [0113.180] WSASocketW (af=23, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x4c4 [0113.180] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x4c8 [0113.181] ioctlsocket (in: s=0x4c4, cmd=-2147195266, argp=0x19ed8c | out: argp=0x19ed8c) returned 0 [0113.181] WSAIoctl (in: s=0x4bc, dwIoControlCode=0x28000017, lpvInBuffer=0x0, cbInBuffer=0x0, lpvOutBuffer=0x0, cbOutBuffer=0x0, lpcbBytesReturned=0x19ed74, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpvOutBuffer=0x0, lpcbBytesReturned=0x19ed74, lpOverlapped=0x0) returned -1 [0113.181] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x2733, dwLanguageId=0x0, lpBuffer=0x19eaa4, nSize=0x101, Arguments=0x0 | out: lpBuffer="A non-blocking socket operation could not be completed immediately.\r\n") returned 0x45 [0113.181] WSAEventSelect (s=0x4bc, hEventObject=0x4c0, lNetworkEvents=512) returned 0 [0113.181] WSAIoctl (in: s=0x4c4, dwIoControlCode=0x28000017, lpvInBuffer=0x0, cbInBuffer=0x0, lpvOutBuffer=0x0, cbOutBuffer=0x0, lpcbBytesReturned=0x19ed74, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpvOutBuffer=0x0, lpcbBytesReturned=0x19ed74, lpOverlapped=0x0) returned -1 [0113.181] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x2733, dwLanguageId=0x0, lpBuffer=0x19eaa4, nSize=0x101, Arguments=0x0 | out: lpBuffer="A non-blocking socket operation could not be completed immediately.\r\n") returned 0x45 [0113.182] WSAEventSelect (s=0x4c4, hEventObject=0x4c8, lNetworkEvents=512) returned 0 [0113.182] GetAdaptersAddresses (in: Family=0x0, Flags=0x2e, Reserved=0x0, AdapterAddresses=0x0, SizePointer=0x19ed70*=0x0 | out: AdapterAddresses=0x0, SizePointer=0x19ed70*=0xa78) returned 0x6f [0113.187] LocalAlloc (uFlags=0x0, uBytes=0xa78) returned 0x60df30 [0113.187] GetAdaptersAddresses (in: Family=0x0, Flags=0x2e, Reserved=0x0, AdapterAddresses=0x60df30, SizePointer=0x19ed70*=0xa78 | out: AdapterAddresses=0x60df30*(Alignment=0x500000178, Length=0x178, IfIndex=0x5, Next=0x60e1d8, AdapterName="{E25A642B-6CEB-4194-8F83-8BC82AF94F5A}", FirstUnicastAddress=0x60e14c, FirstAnycastAddress=0x0, FirstMulticastAddress=0x0, FirstDnsServerAddress=0x0, DnsSuffix="", Description="Intel(R) 82574L Gigabit Network Connection", FriendlyName="Ethernet", PhysicalAddress=([0]=0x0, [1]=0xa, [2]=0x50, [3]=0xe2, [4]=0x31, [5]=0x50, [6]=0x0, [7]=0x0), PhysicalAddressLength=0x6, Flags=0x1c5, DdnsEnabled=0x1c5, RegisterAdapterSuffix=0x1c5, Dhcpv4Enabled=0x1c5, ReceiveOnly=0x1c5, NoMulticast=0x1c5, Ipv6OtherStatefulConfig=0x1c5, NetbiosOverTcpipEnabled=0x1c5, Ipv4Enabled=0x1c5, Ipv6Enabled=0x1c5, Ipv6ManagedAddressConfigurationSupported=0x1c5, Mtu=0x5dc, IfType=0x6, OperStatus=0x1, Ipv6IfIndex=0x5, ZoneIndices=([0]=0x5, [1]=0x5, [2]=0x5, [3]=0x5, [4]=0x1, [5]=0x1, [6]=0x1, [7]=0x1, [8]=0x1, [9]=0x1, [10]=0x1, [11]=0x1, [12]=0x1, [13]=0x1, [14]=0x0, [15]=0x1), FirstPrefix=0x0, TransmitLinkSpeed=0x3b9aca00, ReceiveLinkSpeed=0x3b9aca00, FirstWinsServerAddress=0x0, FirstGatewayAddress=0x0, Ipv4Metric=0xa, Ipv6Metric=0xa, Luid=0x6008000000000, Dhcpv4Server.lpSockaddr=0x60e0a8*(sa_family=2, sin_port=0x0, sin_addr="192.168.0.1"), Dhcpv4Server.iSockaddrLength=16, CompartmentId=0x1, NetworkGuid=0x11eb6c9dc20d55b0, ConnectionType=0x1, TunnelType=0x0, Dhcpv6Server.lpSockaddr=0x0, Dhcpv6Server.iSockaddrLength=0, Dhcpv6ClientDuid=([0]=0x0, [1]=0x1, [2]=0x0, [3]=0x1, [4]=0x28, [5]=0xb6, [6]=0x28, [7]=0x5e, [8]=0x0, [9]=0xf, [10]=0xf3, [11]=0xe1, [12]=0x61, [13]=0x38, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0), Dhcpv6ClientDuidLength=0xe, Dhcpv6Iaid=0x300053a, FirstDnsSuffix=0x0), SizePointer=0x19ed70*=0xa78) returned 0x0 [0113.201] LocalFree (hMem=0x60df30) returned 0x0 [0113.205] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319", ulOptions=0x0, samDesired=0x20019, phkResult=0x19ed80 | out: phkResult=0x19ed80*=0x4cc) returned 0x0 [0113.206] RegQueryValueExW (in: hKey=0x4cc, lpValueName="HWRPortReuseOnSocketBind", lpReserved=0x0, lpType=0x19ed9c, lpData=0x0, lpcbData=0x19ed98*=0x0 | out: lpType=0x19ed9c*=0x0, lpData=0x0, lpcbData=0x19ed98*=0x0) returned 0x2 [0113.206] RegCloseKey (hKey=0x4cc) returned 0x0 [0113.208] WSAConnect (in: s=0x490, name=0x223fa30*(sa_family=2, sin_port=0x50, sin_addr="132.226.247.73"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0 | out: lpCalleeData=0x0) returned 0 [0113.441] closesocket (s=0x464) returned 0 [0113.449] send (s=0x490, buf=0x224065c*, len=151, flags=0) returned 151 [0113.452] setsockopt (s=0x490, level=65535, optname=4102, optval=" \x86\x01", optlen=4) returned 0 [0113.453] recv (in: s=0x490, buf=0x223a968, len=4096, flags=0 | out: buf=0x223a968*) returned 275 [0113.672] setsockopt (s=0x490, level=65535, optname=4102, optval="à\x93\x04", optlen=4) returned 0 [0113.672] SetEvent (hEvent=0x3d8) returned 1 [0113.700] RegOpenCurrentUser (in: samDesired=0x20019, phkResult=0x19eff8 | out: phkResult=0x19eff8*=0x464) returned 0x0 [0113.700] RegOpenKeyExW (in: hKey=0x464, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections", ulOptions=0x0, samDesired=0x20019, phkResult=0x19efa8 | out: phkResult=0x19efa8*=0x4cc) returned 0x0 [0113.700] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x4d0 [0113.700] RegNotifyChangeKeyValue (hKey=0x4cc, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x4d0, fAsynchronous=1) returned 0x0 [0113.700] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections", ulOptions=0x0, samDesired=0x20019, phkResult=0x19efac | out: phkResult=0x19efac*=0x4d4) returned 0x0 [0113.700] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x4d8 [0113.701] RegNotifyChangeKeyValue (hKey=0x4d4, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x4d8, fAsynchronous=1) returned 0x0 [0113.701] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings", ulOptions=0x0, samDesired=0x20019, phkResult=0x19efac | out: phkResult=0x19efac*=0x4dc) returned 0x0 [0113.701] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x4e0 [0113.701] RegNotifyChangeKeyValue (hKey=0x4dc, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x4e0, fAsynchronous=1) returned 0x0 [0113.701] GetCurrentProcess () returned 0xffffffff [0113.701] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x19efa0 | out: TokenHandle=0x19efa0*=0x4e4) returned 1 [0113.702] WinHttpOpen (pszAgentW=0x0, dwAccessType=0x1, pszProxyW=0x0, pszProxyBypassW=0x0, dwFlags=0x0) returned 0x5f9128 [0113.702] WinHttpSetTimeouts (hInternet=0x5f9128, nResolveTimeout=60000, nConnectTimeout=60000, nSendTimeout=60000, nReceiveTimeout=60000) returned 1 [0113.702] WinHttpGetIEProxyConfigForCurrentUser (in: pProxyConfig=0x19efac | out: pProxyConfig=0x19efac) returned 1 [0113.707] QueryPerformanceCounter (in: lpPerformanceCount=0x19efb4 | out: lpPerformanceCount=0x19efb4*=2247144085487) returned 1 [0113.708] SetEvent (hEvent=0x3d8) returned 1 [0113.709] select (in: nfds=0, readfds=0x2244114, writefds=0x0, exceptfds=0x0, timeout=0x19eeb0*(tv_sec=0, tv_usec=0) | out: readfds=0x2244114, writefds=0x0, exceptfds=0x0) returned 0 [0113.709] send (s=0x490, buf=0x224065c*, len=127, flags=0) returned 127 [0113.710] setsockopt (s=0x490, level=65535, optname=4102, optval=" \x86\x01", optlen=4) returned 0 [0113.710] recv (in: s=0x490, buf=0x223a968, len=4096, flags=0 | out: buf=0x223a968*) returned 275 [0113.919] setsockopt (s=0x490, level=65535, optname=4102, optval="à\x93\x04", optlen=4) returned 0 [0113.919] SetEvent (hEvent=0x3d8) returned 1 [0116.232] QueryPerformanceCounter (in: lpPerformanceCount=0x19e854 | out: lpPerformanceCount=0x19e854*=2247396556992) returned 1 [0116.232] SetEvent (hEvent=0x3d8) returned 1 [0116.235] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x4f0 [0116.237] WSASocketW (af=23, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x4fc [0116.237] GetAddrInfoW (in: pNodeName="freegeoip.app", pServiceName=0x0, pHints=0x19e5bc*(ai_flags=2, ai_family=0, ai_socktype=0, ai_protocol=0, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19e564 | out: ppResult=0x19e564*=0x590b28*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname="freegeoip.app", ai_addr=0x6024c0*(sa_family=2, sin_port=0x0, sin_addr="172.67.188.154"), ai_next=0x5909c0*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x602478*(sa_family=2, sin_port=0x0, sin_addr="104.21.19.200"), ai_next=0x0))) returned 0 [0116.254] FreeAddrInfoW (pAddrInfo=0x590b28*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname="freegeoip.app", ai_addr=0x6024c0*(sa_family=2, sin_port=0x0, sin_addr="172.67.188.154"), ai_next=0x5909c0*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x602478*(sa_family=2, sin_port=0x0, sin_addr="104.21.19.200"), ai_next=0x0))) [0116.255] WSAConnect (in: s=0x4f0, name=0x225d584*(sa_family=2, sin_port=0x1bb, sin_addr="172.67.188.154"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0 | out: lpCalleeData=0x0) returned 0 [0116.349] closesocket (s=0x4fc) returned 0 [0116.364] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\AppContext", ulOptions=0x0, samDesired=0x20019, phkResult=0x19cfe8 | out: phkResult=0x19cfe8*=0x0) returned 0x2 [0116.368] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319", ulOptions=0x0, samDesired=0x20019, phkResult=0x19e500 | out: phkResult=0x19e500*=0x4fc) returned 0x0 [0116.368] RegQueryValueExW (in: hKey=0x4fc, lpValueName="SchUseStrongCrypto", lpReserved=0x0, lpType=0x19e51c, lpData=0x0, lpcbData=0x19e518*=0x0 | out: lpType=0x19e51c*=0x0, lpData=0x0, lpcbData=0x19e518*=0x0) returned 0x2 [0116.368] RegCloseKey (hKey=0x4fc) returned 0x0 [0116.492] EnumerateSecurityPackagesW (in: pcPackages=0x19e50c, ppPackageInfo=0x19e4a0 | out: pcPackages=0x19e50c, ppPackageInfo=0x19e4a0) returned 0x0 [0116.505] FreeContextBuffer (in: pvContextBuffer=0x6009b0 | out: pvContextBuffer=0x6009b0) returned 0x0 [0116.515] GetCurrentProcess () returned 0xffffffff [0116.515] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x19e2ec | out: TokenHandle=0x19e2ec*=0x504) returned 1 [0116.516] AcquireCredentialsHandleW (in: pPrincipal=0x0, pPackage=0x225e93c, fCredentialUse=0x2, pvLogonId=0x0, pAuthData=0x19e340, pGetKeyFn=0x0, pvGetKeyArgument=0x0, phCredential=0x225fe44, ptsExpiry=0x19e2c4 | out: phCredential=0x225fe44, ptsExpiry=0x19e2c4) returned 0x0 [0117.533] InitializeSecurityContextW (in: phCredential=0x19e304, phContext=0x0, pTargetName=0x225d5d0, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x0, Reserved2=0x0, phNewContext=0x2260038, pOutput=0x225ffd0, pfContextAttr=0x225e910, ptsExpiry=0x19e2fc | out: phNewContext=0x2260038, pOutput=0x225ffd0, pfContextAttr=0x225e910, ptsExpiry=0x19e2fc) returned 0x90312 [0117.534] FreeContextBuffer (in: pvContextBuffer=0x5ef6e0 | out: pvContextBuffer=0x5ef6e0) returned 0x0 [0117.550] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x74530000 [0117.553] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x400, lpWideCharStr="GetCurrentPackageId", cchWideChar=19, lpMultiByteStr=0x19e34c, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetCurrentPackageId", lpUsedDefaultChar=0x0) returned 19 [0117.553] GetProcAddress (hModule=0x74530000, lpProcName="GetCurrentPackageId") returned 0x76cdded0 [0117.553] GetCurrentPackageId () returned 0x3d54 [0117.555] send (s=0x4f0, buf=0x226004c*, len=125, flags=0) returned 125 [0117.557] recv (in: s=0x4f0, buf=0x226004c, len=5, flags=0 | out: buf=0x226004c*) returned 5 [0117.576] recv (in: s=0x4f0, buf=0x2260051, len=67, flags=0 | out: buf=0x2260051*) returned 67 [0117.578] InitializeSecurityContextW (in: phCredential=0x19e268, phContext=0x19e2f4, pTargetName=0x225d5d0, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x2260578, Reserved2=0x0, phNewContext=0x2260038, pOutput=0x226058c, pfContextAttr=0x225e910, ptsExpiry=0x19e260 | out: phNewContext=0x2260038, pOutput=0x226058c, pfContextAttr=0x225e910, ptsExpiry=0x19e260) returned 0x90312 [0117.579] recv (in: s=0x4f0, buf=0x226061c, len=5, flags=0 | out: buf=0x226061c*) returned 5 [0117.579] recv (in: s=0x4f0, buf=0x2260635, len=2353, flags=0 | out: buf=0x2260635*) returned 2353 [0117.579] InitializeSecurityContextW (in: phCredential=0x19e1d0, phContext=0x19e25c, pTargetName=0x225d5d0, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x2260fd8, Reserved2=0x0, phNewContext=0x2260038, pOutput=0x2260fec, pfContextAttr=0x225e910, ptsExpiry=0x19e1c8 | out: phNewContext=0x2260038, pOutput=0x2260fec, pfContextAttr=0x225e910, ptsExpiry=0x19e1c8) returned 0x90312 [0117.581] recv (in: s=0x4f0, buf=0x226107c, len=5, flags=0 | out: buf=0x226107c*) returned 5 [0117.581] recv (in: s=0x4f0, buf=0x2261095, len=147, flags=0 | out: buf=0x2261095*) returned 147 [0117.582] InitializeSecurityContextW (in: phCredential=0x19e138, phContext=0x19e1c4, pTargetName=0x225d5d0, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x2261198, Reserved2=0x0, phNewContext=0x2260038, pOutput=0x22611ac, pfContextAttr=0x225e910, ptsExpiry=0x19e130 | out: phNewContext=0x2260038, pOutput=0x22611ac, pfContextAttr=0x225e910, ptsExpiry=0x19e130) returned 0x90312 [0117.582] recv (in: s=0x4f0, buf=0x226123c, len=5, flags=0 | out: buf=0x226123c*) returned 5 [0117.582] recv (in: s=0x4f0, buf=0x2261255, len=4, flags=0 | out: buf=0x2261255*) returned 4 [0117.582] InitializeSecurityContextW (in: phCredential=0x19e0a0, phContext=0x19e12c, pTargetName=0x225d5d0, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x22612cc, Reserved2=0x0, phNewContext=0x2260038, pOutput=0x22612e0, pfContextAttr=0x225e910, ptsExpiry=0x19e098 | out: phNewContext=0x2260038, pOutput=0x22612e0, pfContextAttr=0x225e910, ptsExpiry=0x19e098) returned 0x90312 [0117.622] FreeContextBuffer (in: pvContextBuffer=0x5f2e00 | out: pvContextBuffer=0x5f2e00) returned 0x0 [0117.622] send (s=0x4f0, buf=0x226135c*, len=134, flags=0) returned 134 [0117.623] recv (in: s=0x4f0, buf=0x226135c, len=5, flags=0 | out: buf=0x226135c*) returned 5 [0117.662] recv (in: s=0x4f0, buf=0x2261409, len=202, flags=0 | out: buf=0x2261409*) returned 202 [0117.662] InitializeSecurityContextW (in: phCredential=0x19e008, phContext=0x19e094, pTargetName=0x225d5d0, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x2261544, Reserved2=0x0, phNewContext=0x2260038, pOutput=0x2261558, pfContextAttr=0x225e910, ptsExpiry=0x19e000 | out: phNewContext=0x2260038, pOutput=0x2261558, pfContextAttr=0x225e910, ptsExpiry=0x19e000) returned 0x90312 [0117.663] recv (in: s=0x4f0, buf=0x22615e8, len=5, flags=0 | out: buf=0x22615e8*) returned 5 [0117.663] recv (in: s=0x4f0, buf=0x2261601, len=1, flags=0 | out: buf=0x2261601*) returned 1 [0117.663] InitializeSecurityContextW (in: phCredential=0x19df70, phContext=0x19dffc, pTargetName=0x225d5d0, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x2261674, Reserved2=0x0, phNewContext=0x2260038, pOutput=0x2261688, pfContextAttr=0x225e910, ptsExpiry=0x19df68 | out: phNewContext=0x2260038, pOutput=0x2261688, pfContextAttr=0x225e910, ptsExpiry=0x19df68) returned 0x90312 [0117.663] recv (in: s=0x4f0, buf=0x2261718, len=5, flags=0 | out: buf=0x2261718*) returned 5 [0117.664] recv (in: s=0x4f0, buf=0x2261731, len=48, flags=0 | out: buf=0x2261731*) returned 48 [0117.664] InitializeSecurityContextW (in: phCredential=0x19ded8, phContext=0x19df64, pTargetName=0x225d5d0, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x22617d4, Reserved2=0x0, phNewContext=0x2260038, pOutput=0x22617e8, pfContextAttr=0x225e910, ptsExpiry=0x19ded0 | out: phNewContext=0x2260038, pOutput=0x22617e8, pfContextAttr=0x225e910, ptsExpiry=0x19ded0) returned 0x0 [0118.231] QueryContextAttributesW (in: phContext=0x2260038, ulAttribute=0x4, pBuffer=0x2261894 | out: pBuffer=0x2261894) returned 0x0 [0118.232] QueryContextAttributesW (in: phContext=0x2260038, ulAttribute=0x5a, pBuffer=0x22618ec | out: pBuffer=0x22618ec) returned 0x0 [0118.241] QueryContextAttributesW (in: phContext=0x2260038, ulAttribute=0x53, pBuffer=0x2261ba0 | out: pBuffer=0x2261ba0) returned 0x0 [0118.249] CertDuplicateCertificateContext (pCertContext=0x5d6ff0) returned 0x5d6ff0 [0118.250] CertDuplicateStore (hCertStore=0x602638) returned 0x602638 [0118.251] CertEnumCertificatesInStore (hCertStore=0x602638, pPrevCertContext=0x0) returned 0x5d7130 [0118.251] CertDuplicateCertificateContext (pCertContext=0x5d7130) returned 0x5d7130 [0118.251] CertEnumCertificatesInStore (hCertStore=0x602638, pPrevCertContext=0x5d7130) returned 0x5d6ff0 [0118.251] CertDuplicateCertificateContext (pCertContext=0x5d6ff0) returned 0x5d6ff0 [0118.251] CertEnumCertificatesInStore (hCertStore=0x602638, pPrevCertContext=0x5d6ff0) returned 0x0 [0118.252] CertCloseStore (hCertStore=0x602638, dwFlags=0x0) returned 1 [0118.252] CertFreeCertificateContext (pCertContext=0x5d6ff0) returned 1 [0118.281] CertOpenStore (lpszStoreProvider=0x2, dwEncodingType=0x10001, hCryptProv=0x0, dwFlags=0x2204, pvPara=0x0) returned 0x606cc8 [0118.285] CertAddCRLLinkToStore (in: hCertStore=0x606cc8, pCrlContext=0x5d7130, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1 [0118.287] CertAddCRLLinkToStore (in: hCertStore=0x606cc8, pCrlContext=0x5d6ff0, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1 [0118.292] CertGetCertificateChain (in: hChainEngine=0x0, pCertContext=0x5d6ff0, pTime=0x19dee4, hAdditionalStore=0x606cc8, pChainPara=0x19de24, dwFlags=0x0, pvReserved=0x0, ppChainContext=0x19de18 | out: ppChainContext=0x19de18) returned 1 [0118.304] CertDuplicateCertificateChain (pChainContext=0x5fc8b8) returned 0x5fc8b8 [0118.305] CertDuplicateCertificateContext (pCertContext=0x5d6ff0) returned 0x5d6ff0 [0118.306] CertDuplicateCertificateContext (pCertContext=0x5d73b0) returned 0x5d73b0 [0118.306] CertDuplicateCertificateContext (pCertContext=0x6004d0) returned 0x6004d0 [0118.306] CertFreeCertificateChain (pChainContext=0x5fc8b8) [0118.306] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x1, pChainContext=0x5fc8b8, pPolicyPara=0x19dfc4, pPolicyStatus=0x19dfb0 | out: pPolicyStatus=0x19dfb0) returned 1 [0118.307] SetLastError (dwErrCode=0x0) [0118.309] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x4, pChainContext=0x5fc8b8, pPolicyPara=0x19e030, pPolicyStatus=0x19dfd8 | out: pPolicyStatus=0x19dfd8) returned 1 [0118.335] CertFreeCertificateChain (pChainContext=0x5fc8b8) [0118.335] CertFreeCertificateContext (pCertContext=0x5d6ff0) returned 1 [0118.337] CoTaskMemAlloc (cb=0x20c) returned 0x5fc8b8 [0118.338] GetEnvironmentVariableW (in: lpName="PinnableBufferCache_System.Net.SslStream_Disabled", lpBuffer=0x5fc8b8, nSize=0x104 | out: lpBuffer="") returned 0x0 [0118.338] CoTaskMemFree (pv=0x5fc8b8) [0118.338] CoTaskMemAlloc (cb=0x20c) returned 0x5fc8b8 [0118.338] GetEnvironmentVariableW (in: lpName="PinnableBufferCache_System.Net.SslStream_MinCount", lpBuffer=0x5fc8b8, nSize=0x104 | out: lpBuffer="") returned 0x0 [0118.338] CoTaskMemFree (pv=0x5fc8b8) [0118.338] CoTaskMemAlloc (cb=0x20c) returned 0x5fc8b8 [0118.338] GetEnvironmentVariableW (in: lpName="PinnableBufferCache_System.Net.SslStream_Disabled", lpBuffer=0x5fc8b8, nSize=0x104 | out: lpBuffer="") returned 0x0 [0118.338] CoTaskMemFree (pv=0x5fc8b8) [0118.338] CoTaskMemAlloc (cb=0x20c) returned 0x5fc8b8 [0118.338] GetEnvironmentVariableW (in: lpName="PinnableBufferCache_System.Net.SslStream_MinCount", lpBuffer=0x5fc8b8, nSize=0x104 | out: lpBuffer="") returned 0x0 [0118.339] CoTaskMemFree (pv=0x5fc8b8) [0118.340] EncryptMessage (in: phContext=0x2260038, fQOP=0x0, pMessage=0x2269db0, MessageSeqNo=0x0 | out: pMessage=0x2269db0) returned 0x0 [0118.340] send (s=0x4f0, buf=0x2268888*, len=117, flags=0) returned 117 [0118.341] setsockopt (s=0x4f0, level=65535, optname=4102, optval=" \x86\x01", optlen=4) returned 0 [0118.342] recv (in: s=0x4f0, buf=0x2276048, len=5, flags=0 | out: buf=0x2276048*) returned 5 [0118.390] recv (in: s=0x4f0, buf=0x227604d, len=1264, flags=0 | out: buf=0x227604d*) returned 1264 [0118.393] DecryptMessage (in: phContext=0x2260038, pMessage=0x227a108, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x227a108, pfQOP=0x0) returned 0x0 [0118.396] setsockopt (s=0x4f0, level=65535, optname=4102, optval="à\x93\x04", optlen=4) returned 0 [0118.592] CoTaskMemAlloc (cb=0x20c) returned 0x5fc8b8 [0118.593] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x5fc8b8 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0118.596] CoTaskMemFree (pv=0x5fc8b8) [0118.596] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming", nBufferLength=0x105, lpBuffer=0x19ec0c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming", lpFilePart=0x0) returned 0x25 [0118.667] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\15.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676", ulOptions=0x0, samDesired=0x20019, phkResult=0x19f684 | out: phkResult=0x19f684*=0x0) returned 0x2 [0118.668] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676", ulOptions=0x0, samDesired=0x20019, phkResult=0x19f684 | out: phkResult=0x19f684*=0x0) returned 0x2 [0118.668] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows Messaging Subsystem\\Profiles\\9375CFF0413111d3B88A00104B2A6676", ulOptions=0x0, samDesired=0x20019, phkResult=0x19f684 | out: phkResult=0x19f684*=0x0) returned 0x2 [0118.669] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676", ulOptions=0x0, samDesired=0x20019, phkResult=0x19f684 | out: phkResult=0x19f684*=0x5f4) returned 0x0 [0118.670] RegQueryInfoKeyW (in: hKey=0x5f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x19f6ac, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x19f6a8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x19f6ac*=0x3, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x19f6a8*=0x6, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0118.670] RegEnumKeyExW (in: hKey=0x5f4, dwIndex=0x0, lpName=0x2281570, lpcchName=0x19f6c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="00000001", lpcchName=0x19f6c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0118.670] RegEnumKeyExW (in: hKey=0x5f4, dwIndex=0x1, lpName=0x2281570, lpcchName=0x19f6c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="00000002", lpcchName=0x19f6c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0118.670] RegEnumKeyExW (in: hKey=0x5f4, dwIndex=0x2, lpName=0x2281570, lpcchName=0x19f6c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="00000003", lpcchName=0x19f6c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0118.672] RegOpenKeyExW (in: hKey=0x5f4, lpSubKey="00000001", ulOptions=0x0, samDesired=0x20019, phkResult=0x19f684 | out: phkResult=0x19f684*=0x5e4) returned 0x0 [0118.673] RegQueryValueExW (in: hKey=0x5e4, lpValueName="Email", lpReserved=0x0, lpType=0x19f6a4, lpData=0x0, lpcbData=0x19f6a0*=0x0 | out: lpType=0x19f6a4*=0x0, lpData=0x0, lpcbData=0x19f6a0*=0x0) returned 0x2 [0118.673] RegQueryValueExW (in: hKey=0x5e4, lpValueName="IMAP Password", lpReserved=0x0, lpType=0x19f6a4, lpData=0x0, lpcbData=0x19f6a0*=0x0 | out: lpType=0x19f6a4*=0x0, lpData=0x0, lpcbData=0x19f6a0*=0x0) returned 0x2 [0118.673] RegQueryValueExW (in: hKey=0x5e4, lpValueName="POP3 Password", lpReserved=0x0, lpType=0x19f6a4, lpData=0x0, lpcbData=0x19f6a0*=0x0 | out: lpType=0x19f6a4*=0x0, lpData=0x0, lpcbData=0x19f6a0*=0x0) returned 0x2 [0118.673] RegQueryValueExW (in: hKey=0x5e4, lpValueName="HTTP Password", lpReserved=0x0, lpType=0x19f6a4, lpData=0x0, lpcbData=0x19f6a0*=0x0 | out: lpType=0x19f6a4*=0x0, lpData=0x0, lpcbData=0x19f6a0*=0x0) returned 0x2 [0118.673] RegQueryValueExW (in: hKey=0x5e4, lpValueName="SMTP Password", lpReserved=0x0, lpType=0x19f6a4, lpData=0x0, lpcbData=0x19f6a0*=0x0 | out: lpType=0x19f6a4*=0x0, lpData=0x0, lpcbData=0x19f6a0*=0x0) returned 0x2 [0118.673] RegCloseKey (hKey=0x5e4) returned 0x0 [0118.674] RegOpenKeyExW (in: hKey=0x5f4, lpSubKey="00000002", ulOptions=0x0, samDesired=0x20019, phkResult=0x19f684 | out: phkResult=0x19f684*=0x5e4) returned 0x0 [0118.674] RegQueryValueExW (in: hKey=0x5e4, lpValueName="Email", lpReserved=0x0, lpType=0x19f6a4, lpData=0x0, lpcbData=0x19f6a0*=0x0 | out: lpType=0x19f6a4*=0x1, lpData=0x0, lpcbData=0x19f6a0*=0x1e) returned 0x0 [0118.674] RegQueryValueExW (in: hKey=0x5e4, lpValueName="Email", lpReserved=0x0, lpType=0x19f6a4, lpData=0x2281aac, lpcbData=0x19f6a0*=0x1e | out: lpType=0x19f6a4*=0x1, lpData="achoo@gdllo.de", lpcbData=0x19f6a0*=0x1e) returned 0x0 [0118.674] RegQueryValueExW (in: hKey=0x5e4, lpValueName="IMAP Password", lpReserved=0x0, lpType=0x19f6a4, lpData=0x0, lpcbData=0x19f6a0*=0x0 | out: lpType=0x19f6a4*=0x0, lpData=0x0, lpcbData=0x19f6a0*=0x0) returned 0x2 [0118.674] RegQueryValueExW (in: hKey=0x5e4, lpValueName="POP3 Password", lpReserved=0x0, lpType=0x19f6a4, lpData=0x0, lpcbData=0x19f6a0*=0x0 | out: lpType=0x19f6a4*=0x3, lpData=0x0, lpcbData=0x19f6a0*=0x121) returned 0x0 [0118.674] RegQueryValueExW (in: hKey=0x5e4, lpValueName="POP3 Password", lpReserved=0x0, lpType=0x19f6a4, lpData=0x2281b04, lpcbData=0x19f6a0*=0x121 | out: lpType=0x19f6a4*=0x3, lpData=0x2281b04*, lpcbData=0x19f6a0*=0x121) returned 0x0 [0118.674] RegQueryValueExW (in: hKey=0x5e4, lpValueName="HTTP Password", lpReserved=0x0, lpType=0x19f6a4, lpData=0x0, lpcbData=0x19f6a0*=0x0 | out: lpType=0x19f6a4*=0x0, lpData=0x0, lpcbData=0x19f6a0*=0x0) returned 0x2 [0118.674] RegQueryValueExW (in: hKey=0x5e4, lpValueName="SMTP Password", lpReserved=0x0, lpType=0x19f6a4, lpData=0x0, lpcbData=0x19f6a0*=0x0 | out: lpType=0x19f6a4*=0x0, lpData=0x0, lpcbData=0x19f6a0*=0x0) returned 0x2 [0118.674] RegQueryValueExW (in: hKey=0x5e4, lpValueName="IMAP Password", lpReserved=0x0, lpType=0x19f6a4, lpData=0x0, lpcbData=0x19f6a0*=0x0 | out: lpType=0x19f6a4*=0x0, lpData=0x0, lpcbData=0x19f6a0*=0x0) returned 0x2 [0118.674] RegQueryValueExW (in: hKey=0x5e4, lpValueName="POP3 Password", lpReserved=0x0, lpType=0x19f6a4, lpData=0x0, lpcbData=0x19f6a0*=0x0 | out: lpType=0x19f6a4*=0x3, lpData=0x0, lpcbData=0x19f6a0*=0x121) returned 0x0 [0118.674] RegQueryValueExW (in: hKey=0x5e4, lpValueName="POP3 Password", lpReserved=0x0, lpType=0x19f6a4, lpData=0x2281c34, lpcbData=0x19f6a0*=0x121 | out: lpType=0x19f6a4*=0x3, lpData=0x2281c34*, lpcbData=0x19f6a0*=0x121) returned 0x0 [0118.674] RegQueryValueExW (in: hKey=0x5e4, lpValueName="POP3 Password", lpReserved=0x0, lpType=0x19f6a4, lpData=0x0, lpcbData=0x19f6a0*=0x0 | out: lpType=0x19f6a4*=0x3, lpData=0x0, lpcbData=0x19f6a0*=0x121) returned 0x0 [0118.674] RegQueryValueExW (in: hKey=0x5e4, lpValueName="POP3 Password", lpReserved=0x0, lpType=0x19f6a4, lpData=0x2281d64, lpcbData=0x19f6a0*=0x121 | out: lpType=0x19f6a4*=0x3, lpData=0x2281d64*, lpcbData=0x19f6a0*=0x121) returned 0x0 [0118.797] CryptUnprotectData (in: pDataIn=0x19f668, ppszDataDescr=0x0, pOptionalEntropy=0x19f660, pvReserved=0x0, pPromptStruct=0x0, dwFlags=0x1, pDataOut=0x19f670 | out: ppszDataDescr=0x0, pDataOut=0x19f670) returned 1 [0118.817] LocalFree (hMem=0x613840) returned 0x0 [0118.820] RegQueryValueExW (in: hKey=0x5e4, lpValueName="HTTP Password", lpReserved=0x0, lpType=0x19f6a4, lpData=0x0, lpcbData=0x19f6a0*=0x0 | out: lpType=0x19f6a4*=0x0, lpData=0x0, lpcbData=0x19f6a0*=0x0) returned 0x2 [0118.822] RegQueryValueExW (in: hKey=0x5e4, lpValueName="SMTP Password", lpReserved=0x0, lpType=0x19f6a4, lpData=0x0, lpcbData=0x19f6a0*=0x0 | out: lpType=0x19f6a4*=0x0, lpData=0x0, lpcbData=0x19f6a0*=0x0) returned 0x2 [0118.822] RegQueryValueExW (in: hKey=0x5e4, lpValueName="Email", lpReserved=0x0, lpType=0x19f6a4, lpData=0x0, lpcbData=0x19f6a0*=0x0 | out: lpType=0x19f6a4*=0x1, lpData=0x0, lpcbData=0x19f6a0*=0x1e) returned 0x0 [0118.822] RegQueryValueExW (in: hKey=0x5e4, lpValueName="Email", lpReserved=0x0, lpType=0x19f6a4, lpData=0x2282094, lpcbData=0x19f6a0*=0x1e | out: lpType=0x19f6a4*=0x1, lpData="achoo@gdllo.de", lpcbData=0x19f6a0*=0x1e) returned 0x0 [0118.872] RegQueryValueExW (in: hKey=0x5e4, lpValueName="SMTP Server", lpReserved=0x0, lpType=0x19f6a4, lpData=0x0, lpcbData=0x19f6a0*=0x0 | out: lpType=0x19f6a4*=0x1, lpData=0x0, lpcbData=0x19f6a0*=0x1c) returned 0x0 [0118.872] RegQueryValueExW (in: hKey=0x5e4, lpValueName="SMTP Server", lpReserved=0x0, lpType=0x19f6a4, lpData=0x2283514, lpcbData=0x19f6a0*=0x1c | out: lpType=0x19f6a4*=0x1, lpData="smtp.gdllo.de", lpcbData=0x19f6a0*=0x1c) returned 0x0 [0118.882] RegCloseKey (hKey=0x5e4) returned 0x0 [0118.882] RegOpenKeyExW (in: hKey=0x5f4, lpSubKey="00000003", ulOptions=0x0, samDesired=0x20019, phkResult=0x19f684 | out: phkResult=0x19f684*=0x5e4) returned 0x0 [0118.882] RegQueryValueExW (in: hKey=0x5e4, lpValueName="Email", lpReserved=0x0, lpType=0x19f6a4, lpData=0x0, lpcbData=0x19f6a0*=0x0 | out: lpType=0x19f6a4*=0x0, lpData=0x0, lpcbData=0x19f6a0*=0x0) returned 0x2 [0118.882] RegQueryValueExW (in: hKey=0x5e4, lpValueName="IMAP Password", lpReserved=0x0, lpType=0x19f6a4, lpData=0x0, lpcbData=0x19f6a0*=0x0 | out: lpType=0x19f6a4*=0x0, lpData=0x0, lpcbData=0x19f6a0*=0x0) returned 0x2 [0118.882] RegQueryValueExW (in: hKey=0x5e4, lpValueName="POP3 Password", lpReserved=0x0, lpType=0x19f6a4, lpData=0x0, lpcbData=0x19f6a0*=0x0 | out: lpType=0x19f6a4*=0x0, lpData=0x0, lpcbData=0x19f6a0*=0x0) returned 0x2 [0118.882] RegQueryValueExW (in: hKey=0x5e4, lpValueName="HTTP Password", lpReserved=0x0, lpType=0x19f6a4, lpData=0x0, lpcbData=0x19f6a0*=0x0 | out: lpType=0x19f6a4*=0x0, lpData=0x0, lpcbData=0x19f6a0*=0x0) returned 0x2 [0118.882] RegQueryValueExW (in: hKey=0x5e4, lpValueName="SMTP Password", lpReserved=0x0, lpType=0x19f6a4, lpData=0x0, lpcbData=0x19f6a0*=0x0 | out: lpType=0x19f6a4*=0x0, lpData=0x0, lpcbData=0x19f6a0*=0x0) returned 0x2 [0118.882] RegCloseKey (hKey=0x5e4) returned 0x0 [0119.032] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Classes\\Foxmail.url.mailto\\Shell\\open\\command", ulOptions=0x0, samDesired=0x20019, phkResult=0x19f734 | out: phkResult=0x19f734*=0x0) returned 0x2 [0119.154] CoTaskMemAlloc (cb=0x20c) returned 0x5fc8b8 [0119.154] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x5fc8b8 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0119.155] CoTaskMemFree (pv=0x5fc8b8) [0119.155] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x19f2a4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpFilePart=0x0) returned 0x23 [0119.225] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Yandex\\YandexBrowser\\User Data\\Default\\Ya Login Data", nBufferLength=0x105, lpBuffer=0x19f28c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Yandex\\YandexBrowser\\User Data\\Default\\Ya Login Data", lpFilePart=0x0) returned 0x58 [0119.225] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f6ec) returned 1 [0119.226] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Yandex\\YandexBrowser\\User Data\\Default\\Ya Login Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\yandex\\yandexbrowser\\user data\\default\\ya login data"), fInfoLevelId=0x0, lpFileInformation=0x19f768 | out: lpFileInformation=0x19f768*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0119.226] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f6e8) returned 1 [0119.340] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Yandex\\YandexBrowser\\User Data\\Default\\Ya Login Data", nBufferLength=0x105, lpBuffer=0x19f33c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Yandex\\YandexBrowser\\User Data\\Default\\Ya Login Data", lpFilePart=0x0) returned 0x58 [0119.340] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f79c) returned 1 [0119.340] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Yandex\\YandexBrowser\\User Data\\Default\\Ya Login Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\yandex\\yandexbrowser\\user data\\default\\ya login data"), fInfoLevelId=0x0, lpFileInformation=0x19f818 | out: lpFileInformation=0x19f818*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0119.340] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f798) returned 1 [0119.389] CoTaskMemAlloc (cb=0x20c) returned 0x5fc8b8 [0119.389] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x5fc8b8 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0119.389] CoTaskMemFree (pv=0x5fc8b8) [0119.389] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x19f2a4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpFilePart=0x0) returned 0x23 [0119.389] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Amigo\\User Data\\Default\\Login Data", nBufferLength=0x105, lpBuffer=0x19f28c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Amigo\\User Data\\Default\\Login Data", lpFilePart=0x0) returned 0x46 [0119.389] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f6ec) returned 1 [0119.389] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Amigo\\User Data\\Default\\Login Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\amigo\\user data\\default\\login data"), fInfoLevelId=0x0, lpFileInformation=0x19f768 | out: lpFileInformation=0x19f768*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0119.390] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f6e8) returned 1 [0119.394] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Amigo\\User Data\\Default\\Login Data", nBufferLength=0x105, lpBuffer=0x19f33c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Amigo\\User Data\\Default\\Login Data", lpFilePart=0x0) returned 0x46 [0119.395] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f79c) returned 1 [0119.395] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Amigo\\User Data\\Default\\Login Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\amigo\\user data\\default\\login data"), fInfoLevelId=0x0, lpFileInformation=0x19f818 | out: lpFileInformation=0x19f818*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0119.395] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f798) returned 1 [0119.418] CoTaskMemAlloc (cb=0x20c) returned 0x5fc8b8 [0119.418] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x5fc8b8 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0119.418] CoTaskMemFree (pv=0x5fc8b8) [0119.418] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x19f2a4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpFilePart=0x0) returned 0x23 [0119.418] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Xpom\\User Data\\Default\\Login Data", nBufferLength=0x105, lpBuffer=0x19f28c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Xpom\\User Data\\Default\\Login Data", lpFilePart=0x0) returned 0x45 [0119.418] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f6ec) returned 1 [0119.418] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Xpom\\User Data\\Default\\Login Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\xpom\\user data\\default\\login data"), fInfoLevelId=0x0, lpFileInformation=0x19f768 | out: lpFileInformation=0x19f768*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0119.418] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f6e8) returned 1 [0119.424] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Xpom\\User Data\\Default\\Login Data", nBufferLength=0x105, lpBuffer=0x19f33c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Xpom\\User Data\\Default\\Login Data", lpFilePart=0x0) returned 0x45 [0119.424] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f79c) returned 1 [0119.424] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Xpom\\User Data\\Default\\Login Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\xpom\\user data\\default\\login data"), fInfoLevelId=0x0, lpFileInformation=0x19f818 | out: lpFileInformation=0x19f818*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0119.424] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f798) returned 1 [0119.450] CoTaskMemAlloc (cb=0x20c) returned 0x5fc8b8 [0119.450] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x5fc8b8 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0119.452] CoTaskMemFree (pv=0x5fc8b8) [0119.452] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x19f2a4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpFilePart=0x0) returned 0x23 [0119.452] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Kometa\\User Data\\Default\\Login Data", nBufferLength=0x105, lpBuffer=0x19f28c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Kometa\\User Data\\Default\\Login Data", lpFilePart=0x0) returned 0x47 [0119.452] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f6ec) returned 1 [0119.452] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Kometa\\User Data\\Default\\Login Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\kometa\\user data\\default\\login data"), fInfoLevelId=0x0, lpFileInformation=0x19f768 | out: lpFileInformation=0x19f768*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0119.453] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f6e8) returned 1 [0119.457] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Kometa\\User Data\\Default\\Login Data", nBufferLength=0x105, lpBuffer=0x19f33c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Kometa\\User Data\\Default\\Login Data", lpFilePart=0x0) returned 0x47 [0119.457] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f79c) returned 1 [0119.457] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Kometa\\User Data\\Default\\Login Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\kometa\\user data\\default\\login data"), fInfoLevelId=0x0, lpFileInformation=0x19f818 | out: lpFileInformation=0x19f818*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0119.457] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f798) returned 1 [0119.498] CoTaskMemAlloc (cb=0x20c) returned 0x5fc8b8 [0119.498] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x5fc8b8 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0119.498] CoTaskMemFree (pv=0x5fc8b8) [0119.513] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x19f2a4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpFilePart=0x0) returned 0x23 [0119.513] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Nichrome\\User Data\\Default\\Login Data", nBufferLength=0x105, lpBuffer=0x19f28c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Nichrome\\User Data\\Default\\Login Data", lpFilePart=0x0) returned 0x49 [0119.513] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f6ec) returned 1 [0119.513] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Nichrome\\User Data\\Default\\Login Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\nichrome\\user data\\default\\login data"), fInfoLevelId=0x0, lpFileInformation=0x19f768 | out: lpFileInformation=0x19f768*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0119.514] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f6e8) returned 1 [0119.529] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Nichrome\\User Data\\Default\\Login Data", nBufferLength=0x105, lpBuffer=0x19f33c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Nichrome\\User Data\\Default\\Login Data", lpFilePart=0x0) returned 0x49 [0119.529] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f79c) returned 1 [0119.529] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Nichrome\\User Data\\Default\\Login Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\nichrome\\user data\\default\\login data"), fInfoLevelId=0x0, lpFileInformation=0x19f818 | out: lpFileInformation=0x19f818*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0119.530] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f798) returned 1 [0119.551] CoTaskMemAlloc (cb=0x20c) returned 0x5fc8b8 [0119.551] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x5fc8b8 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0119.551] CoTaskMemFree (pv=0x5fc8b8) [0119.551] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x19f2a4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpFilePart=0x0) returned 0x23 [0119.552] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data", nBufferLength=0x105, lpBuffer=0x19f28c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data", lpFilePart=0x0) returned 0x4e [0119.552] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f6ec) returned 1 [0119.552] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\google\\chrome\\user data\\default\\login data"), fInfoLevelId=0x0, lpFileInformation=0x19f768 | out: lpFileInformation=0x19f768*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0119.552] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f6e8) returned 1 [0119.558] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data", nBufferLength=0x105, lpBuffer=0x19f33c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data", lpFilePart=0x0) returned 0x4e [0119.558] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f79c) returned 1 [0119.558] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\google\\chrome\\user data\\default\\login data"), fInfoLevelId=0x0, lpFileInformation=0x19f818 | out: lpFileInformation=0x19f818*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0119.559] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f798) returned 1 [0119.596] CoTaskMemAlloc (cb=0x20c) returned 0x5fc8b8 [0119.596] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x5fc8b8 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0119.596] CoTaskMemFree (pv=0x5fc8b8) [0119.596] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x19f2a4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpFilePart=0x0) returned 0x23 [0119.597] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\CocCoc\\Browser\\User Data\\Default\\Login Data", nBufferLength=0x105, lpBuffer=0x19f28c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\CocCoc\\Browser\\User Data\\Default\\Login Data", lpFilePart=0x0) returned 0x4f [0119.597] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f6ec) returned 1 [0119.597] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\CocCoc\\Browser\\User Data\\Default\\Login Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\coccoc\\browser\\user data\\default\\login data"), fInfoLevelId=0x0, lpFileInformation=0x19f768 | out: lpFileInformation=0x19f768*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0119.597] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f6e8) returned 1 [0119.602] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\CocCoc\\Browser\\User Data\\Default\\Login Data", nBufferLength=0x105, lpBuffer=0x19f33c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\CocCoc\\Browser\\User Data\\Default\\Login Data", lpFilePart=0x0) returned 0x4f [0119.602] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f79c) returned 1 [0119.602] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\CocCoc\\Browser\\User Data\\Default\\Login Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\coccoc\\browser\\user data\\default\\login data"), fInfoLevelId=0x0, lpFileInformation=0x19f818 | out: lpFileInformation=0x19f818*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0119.603] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f798) returned 1 [0119.646] CoTaskMemAlloc (cb=0x20c) returned 0x5fc8b8 [0119.646] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x5fc8b8 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0119.646] CoTaskMemFree (pv=0x5fc8b8) [0119.646] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x19f2a4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpFilePart=0x0) returned 0x23 [0119.647] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Tencent\\QQBrowser\\User Data\\Default\\Login Data", nBufferLength=0x105, lpBuffer=0x19f28c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Tencent\\QQBrowser\\User Data\\Default\\Login Data", lpFilePart=0x0) returned 0x52 [0119.647] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f6ec) returned 1 [0119.647] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Tencent\\QQBrowser\\User Data\\Default\\Login Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\tencent\\qqbrowser\\user data\\default\\login data"), fInfoLevelId=0x0, lpFileInformation=0x19f768 | out: lpFileInformation=0x19f768*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0119.648] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f6e8) returned 1 [0119.666] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Tencent\\QQBrowser\\User Data\\Default\\Login Data", nBufferLength=0x105, lpBuffer=0x19f33c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Tencent\\QQBrowser\\User Data\\Default\\Login Data", lpFilePart=0x0) returned 0x52 [0119.666] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f79c) returned 1 [0119.666] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Tencent\\QQBrowser\\User Data\\Default\\Login Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\tencent\\qqbrowser\\user data\\default\\login data"), fInfoLevelId=0x0, lpFileInformation=0x19f818 | out: lpFileInformation=0x19f818*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0119.667] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f798) returned 1 [0119.696] CoTaskMemAlloc (cb=0x20c) returned 0x5fc8b8 [0119.696] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x5fc8b8 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0119.696] CoTaskMemFree (pv=0x5fc8b8) [0119.696] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x19f2a4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpFilePart=0x0) returned 0x23 [0119.696] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Orbitum\\User Data\\Default\\Login Data", nBufferLength=0x105, lpBuffer=0x19f28c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Orbitum\\User Data\\Default\\Login Data", lpFilePart=0x0) returned 0x48 [0119.696] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f6ec) returned 1 [0119.696] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Orbitum\\User Data\\Default\\Login Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\orbitum\\user data\\default\\login data"), fInfoLevelId=0x0, lpFileInformation=0x19f768 | out: lpFileInformation=0x19f768*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0119.697] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f6e8) returned 1 [0119.717] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Orbitum\\User Data\\Default\\Login Data", nBufferLength=0x105, lpBuffer=0x19f33c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Orbitum\\User Data\\Default\\Login Data", lpFilePart=0x0) returned 0x48 [0119.717] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f79c) returned 1 [0119.717] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Orbitum\\User Data\\Default\\Login Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\orbitum\\user data\\default\\login data"), fInfoLevelId=0x0, lpFileInformation=0x19f818 | out: lpFileInformation=0x19f818*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0119.718] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f798) returned 1 [0119.743] CoTaskMemAlloc (cb=0x20c) returned 0x5fc8b8 [0119.743] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x5fc8b8 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0119.743] CoTaskMemFree (pv=0x5fc8b8) [0119.743] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x19f2a4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpFilePart=0x0) returned 0x23 [0119.743] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Slimjet\\User Data\\Default\\Login Data", nBufferLength=0x105, lpBuffer=0x19f28c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Slimjet\\User Data\\Default\\Login Data", lpFilePart=0x0) returned 0x48 [0119.743] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f6ec) returned 1 [0119.743] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Slimjet\\User Data\\Default\\Login Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\slimjet\\user data\\default\\login data"), fInfoLevelId=0x0, lpFileInformation=0x19f768 | out: lpFileInformation=0x19f768*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0119.744] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f6e8) returned 1 [0119.754] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Slimjet\\User Data\\Default\\Login Data", nBufferLength=0x105, lpBuffer=0x19f33c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Slimjet\\User Data\\Default\\Login Data", lpFilePart=0x0) returned 0x48 [0119.754] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f79c) returned 1 [0119.754] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Slimjet\\User Data\\Default\\Login Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\slimjet\\user data\\default\\login data"), fInfoLevelId=0x0, lpFileInformation=0x19f818 | out: lpFileInformation=0x19f818*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0119.755] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f798) returned 1 [0119.804] CoTaskMemAlloc (cb=0x20c) returned 0x5fc8b8 [0119.804] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x5fc8b8 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0119.804] CoTaskMemFree (pv=0x5fc8b8) [0119.804] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x19f2a4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpFilePart=0x0) returned 0x23 [0119.804] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Iridium\\User Data\\Default\\Login Data", nBufferLength=0x105, lpBuffer=0x19f28c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Iridium\\User Data\\Default\\Login Data", lpFilePart=0x0) returned 0x48 [0119.805] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f6ec) returned 1 [0119.805] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Iridium\\User Data\\Default\\Login Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\iridium\\user data\\default\\login data"), fInfoLevelId=0x0, lpFileInformation=0x19f768 | out: lpFileInformation=0x19f768*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0119.805] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f6e8) returned 1 [0119.812] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Iridium\\User Data\\Default\\Login Data", nBufferLength=0x105, lpBuffer=0x19f33c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Iridium\\User Data\\Default\\Login Data", lpFilePart=0x0) returned 0x48 [0119.812] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f79c) returned 1 [0119.813] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Iridium\\User Data\\Default\\Login Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\iridium\\user data\\default\\login data"), fInfoLevelId=0x0, lpFileInformation=0x19f818 | out: lpFileInformation=0x19f818*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0119.813] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f798) returned 1 [0119.874] CoTaskMemAlloc (cb=0x20c) returned 0x5fc8b8 [0119.874] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x5fc8b8 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0119.874] CoTaskMemFree (pv=0x5fc8b8) [0119.874] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x19f2a4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpFilePart=0x0) returned 0x23 [0119.874] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Vivaldi\\User Data\\Default\\Login Data", nBufferLength=0x105, lpBuffer=0x19f28c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Vivaldi\\User Data\\Default\\Login Data", lpFilePart=0x0) returned 0x48 [0119.875] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f6ec) returned 1 [0119.875] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Vivaldi\\User Data\\Default\\Login Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\vivaldi\\user data\\default\\login data"), fInfoLevelId=0x0, lpFileInformation=0x19f768 | out: lpFileInformation=0x19f768*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0119.876] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f6e8) returned 1 [0119.886] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Vivaldi\\User Data\\Default\\Login Data", nBufferLength=0x105, lpBuffer=0x19f33c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Vivaldi\\User Data\\Default\\Login Data", lpFilePart=0x0) returned 0x48 [0119.887] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f79c) returned 1 [0119.887] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Vivaldi\\User Data\\Default\\Login Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\vivaldi\\user data\\default\\login data"), fInfoLevelId=0x0, lpFileInformation=0x19f818 | out: lpFileInformation=0x19f818*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0119.889] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f798) returned 1 [0119.918] CoTaskMemAlloc (cb=0x20c) returned 0x5fc8b8 [0119.918] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x5fc8b8 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0119.918] CoTaskMemFree (pv=0x5fc8b8) [0119.918] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x19f2a4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpFilePart=0x0) returned 0x23 [0119.918] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Chromium\\User Data\\Default\\Login Data", nBufferLength=0x105, lpBuffer=0x19f28c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Chromium\\User Data\\Default\\Login Data", lpFilePart=0x0) returned 0x49 [0119.918] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f6ec) returned 1 [0119.918] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Chromium\\User Data\\Default\\Login Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\chromium\\user data\\default\\login data"), fInfoLevelId=0x0, lpFileInformation=0x19f768 | out: lpFileInformation=0x19f768*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0119.919] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f6e8) returned 1 [0119.924] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Chromium\\User Data\\Default\\Login Data", nBufferLength=0x105, lpBuffer=0x19f33c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Chromium\\User Data\\Default\\Login Data", lpFilePart=0x0) returned 0x49 [0119.924] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f79c) returned 1 [0119.924] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Chromium\\User Data\\Default\\Login Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\chromium\\user data\\default\\login data"), fInfoLevelId=0x0, lpFileInformation=0x19f818 | out: lpFileInformation=0x19f818*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0119.925] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f798) returned 1 [0119.951] CoTaskMemAlloc (cb=0x20c) returned 0x5fc8b8 [0119.951] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x5fc8b8 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0119.951] CoTaskMemFree (pv=0x5fc8b8) [0119.951] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x19f2a4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpFilePart=0x0) returned 0x23 [0119.952] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Chromium\\User Data\\Default\\Login Data", nBufferLength=0x105, lpBuffer=0x19f28c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Chromium\\User Data\\Default\\Login Data", lpFilePart=0x0) returned 0x49 [0119.952] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f6ec) returned 1 [0119.952] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Chromium\\User Data\\Default\\Login Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\chromium\\user data\\default\\login data"), fInfoLevelId=0x0, lpFileInformation=0x19f768 | out: lpFileInformation=0x19f768*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0119.952] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f6e8) returned 1 [0119.957] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Chromium\\User Data\\Default\\Login Data", nBufferLength=0x105, lpBuffer=0x19f33c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Chromium\\User Data\\Default\\Login Data", lpFilePart=0x0) returned 0x49 [0119.957] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f79c) returned 1 [0119.957] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Chromium\\User Data\\Default\\Login Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\chromium\\user data\\default\\login data"), fInfoLevelId=0x0, lpFileInformation=0x19f818 | out: lpFileInformation=0x19f818*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0119.957] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f798) returned 1 [0119.982] CoTaskMemAlloc (cb=0x20c) returned 0x5fc8b8 [0119.982] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x5fc8b8 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0119.982] CoTaskMemFree (pv=0x5fc8b8) [0119.982] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x19f2a4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpFilePart=0x0) returned 0x23 [0119.982] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\GhostBrowser\\User Data\\Default\\Login Data", nBufferLength=0x105, lpBuffer=0x19f28c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\GhostBrowser\\User Data\\Default\\Login Data", lpFilePart=0x0) returned 0x4d [0119.982] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f6ec) returned 1 [0119.982] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\GhostBrowser\\User Data\\Default\\Login Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\ghostbrowser\\user data\\default\\login data"), fInfoLevelId=0x0, lpFileInformation=0x19f768 | out: lpFileInformation=0x19f768*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0119.983] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f6e8) returned 1 [0119.988] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\GhostBrowser\\User Data\\Default\\Login Data", nBufferLength=0x105, lpBuffer=0x19f33c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\GhostBrowser\\User Data\\Default\\Login Data", lpFilePart=0x0) returned 0x4d [0119.988] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f79c) returned 1 [0119.988] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\GhostBrowser\\User Data\\Default\\Login Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\ghostbrowser\\user data\\default\\login data"), fInfoLevelId=0x0, lpFileInformation=0x19f818 | out: lpFileInformation=0x19f818*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0119.988] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f798) returned 1 [0120.029] CoTaskMemAlloc (cb=0x20c) returned 0x5fc8b8 [0120.029] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x5fc8b8 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0120.029] CoTaskMemFree (pv=0x5fc8b8) [0120.029] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x19f2a4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpFilePart=0x0) returned 0x23 [0120.030] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\CentBrowser\\User Data\\Default\\Login Data", nBufferLength=0x105, lpBuffer=0x19f28c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\CentBrowser\\User Data\\Default\\Login Data", lpFilePart=0x0) returned 0x4c [0120.030] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f6ec) returned 1 [0120.030] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\CentBrowser\\User Data\\Default\\Login Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\centbrowser\\user data\\default\\login data"), fInfoLevelId=0x0, lpFileInformation=0x19f768 | out: lpFileInformation=0x19f768*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0120.030] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f6e8) returned 1 [0120.036] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\CentBrowser\\User Data\\Default\\Login Data", nBufferLength=0x105, lpBuffer=0x19f33c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\CentBrowser\\User Data\\Default\\Login Data", lpFilePart=0x0) returned 0x4c [0120.037] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f79c) returned 1 [0120.037] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\CentBrowser\\User Data\\Default\\Login Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\centbrowser\\user data\\default\\login data"), fInfoLevelId=0x0, lpFileInformation=0x19f818 | out: lpFileInformation=0x19f818*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0120.038] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f798) returned 1 [0120.064] CoTaskMemAlloc (cb=0x20c) returned 0x5fc8b8 [0120.064] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x5fc8b8 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0120.065] CoTaskMemFree (pv=0x5fc8b8) [0120.065] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x19f2a4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpFilePart=0x0) returned 0x23 [0120.065] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Xvast\\User Data\\Default\\Login Data", nBufferLength=0x105, lpBuffer=0x19f28c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Xvast\\User Data\\Default\\Login Data", lpFilePart=0x0) returned 0x46 [0120.065] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f6ec) returned 1 [0120.065] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Xvast\\User Data\\Default\\Login Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\xvast\\user data\\default\\login data"), fInfoLevelId=0x0, lpFileInformation=0x19f768 | out: lpFileInformation=0x19f768*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0120.065] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f6e8) returned 1 [0120.070] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Xvast\\User Data\\Default\\Login Data", nBufferLength=0x105, lpBuffer=0x19f33c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Xvast\\User Data\\Default\\Login Data", lpFilePart=0x0) returned 0x46 [0120.070] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f79c) returned 1 [0120.070] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Xvast\\User Data\\Default\\Login Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\xvast\\user data\\default\\login data"), fInfoLevelId=0x0, lpFileInformation=0x19f818 | out: lpFileInformation=0x19f818*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0120.070] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f798) returned 1 [0120.091] CoTaskMemAlloc (cb=0x20c) returned 0x5fc8b8 [0120.091] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x5fc8b8 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0120.091] CoTaskMemFree (pv=0x5fc8b8) [0120.091] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x19f2a4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpFilePart=0x0) returned 0x23 [0120.091] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Chedot\\User Data\\Default\\Login Data", nBufferLength=0x105, lpBuffer=0x19f28c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Chedot\\User Data\\Default\\Login Data", lpFilePart=0x0) returned 0x47 [0120.091] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f6ec) returned 1 [0120.092] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Chedot\\User Data\\Default\\Login Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\chedot\\user data\\default\\login data"), fInfoLevelId=0x0, lpFileInformation=0x19f768 | out: lpFileInformation=0x19f768*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0120.092] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f6e8) returned 1 [0120.099] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Chedot\\User Data\\Default\\Login Data", nBufferLength=0x105, lpBuffer=0x19f33c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Chedot\\User Data\\Default\\Login Data", lpFilePart=0x0) returned 0x47 [0120.100] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f79c) returned 1 [0120.100] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Chedot\\User Data\\Default\\Login Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\chedot\\user data\\default\\login data"), fInfoLevelId=0x0, lpFileInformation=0x19f818 | out: lpFileInformation=0x19f818*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0120.100] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f798) returned 1 [0120.126] CoTaskMemAlloc (cb=0x20c) returned 0x5fc8b8 [0120.126] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x5fc8b8 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0120.126] CoTaskMemFree (pv=0x5fc8b8) [0120.126] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x19f2a4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpFilePart=0x0) returned 0x23 [0120.127] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\SuperBird\\User Data\\Default\\Login Data", nBufferLength=0x105, lpBuffer=0x19f28c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\SuperBird\\User Data\\Default\\Login Data", lpFilePart=0x0) returned 0x4a [0120.127] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f6ec) returned 1 [0120.127] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\SuperBird\\User Data\\Default\\Login Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\superbird\\user data\\default\\login data"), fInfoLevelId=0x0, lpFileInformation=0x19f768 | out: lpFileInformation=0x19f768*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0120.127] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f6e8) returned 1 [0120.139] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\SuperBird\\User Data\\Default\\Login Data", nBufferLength=0x105, lpBuffer=0x19f33c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\SuperBird\\User Data\\Default\\Login Data", lpFilePart=0x0) returned 0x4a [0120.139] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f79c) returned 1 [0120.139] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\SuperBird\\User Data\\Default\\Login Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\superbird\\user data\\default\\login data"), fInfoLevelId=0x0, lpFileInformation=0x19f818 | out: lpFileInformation=0x19f818*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0120.139] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f798) returned 1 [0120.158] CoTaskMemAlloc (cb=0x20c) returned 0x5fc8b8 [0120.158] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x5fc8b8 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0120.158] CoTaskMemFree (pv=0x5fc8b8) [0120.158] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x19f2a4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpFilePart=0x0) returned 0x23 [0120.159] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\360Browser\\Browser\\User Data\\Default\\Login Data", nBufferLength=0x105, lpBuffer=0x19f28c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\360Browser\\Browser\\User Data\\Default\\Login Data", lpFilePart=0x0) returned 0x53 [0120.159] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f6ec) returned 1 [0120.159] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\360Browser\\Browser\\User Data\\Default\\Login Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\360browser\\browser\\user data\\default\\login data"), fInfoLevelId=0x0, lpFileInformation=0x19f768 | out: lpFileInformation=0x19f768*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0120.159] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f6e8) returned 1 [0120.164] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\360Browser\\Browser\\User Data\\Default\\Login Data", nBufferLength=0x105, lpBuffer=0x19f33c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\360Browser\\Browser\\User Data\\Default\\Login Data", lpFilePart=0x0) returned 0x53 [0120.164] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f79c) returned 1 [0120.164] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\360Browser\\Browser\\User Data\\Default\\Login Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\360browser\\browser\\user data\\default\\login data"), fInfoLevelId=0x0, lpFileInformation=0x19f818 | out: lpFileInformation=0x19f818*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0120.164] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f798) returned 1 [0120.184] CoTaskMemAlloc (cb=0x20c) returned 0x5fc8b8 [0120.184] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x5fc8b8 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0120.184] CoTaskMemFree (pv=0x5fc8b8) [0120.184] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x19f2a4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpFilePart=0x0) returned 0x23 [0120.185] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\360Chrome\\Chrome\\User Data\\Default\\Login Data", nBufferLength=0x105, lpBuffer=0x19f28c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\360Chrome\\Chrome\\User Data\\Default\\Login Data", lpFilePart=0x0) returned 0x51 [0120.185] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f6ec) returned 1 [0120.185] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\360Chrome\\Chrome\\User Data\\Default\\Login Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\360chrome\\chrome\\user data\\default\\login data"), fInfoLevelId=0x0, lpFileInformation=0x19f768 | out: lpFileInformation=0x19f768*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0120.185] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f6e8) returned 1 [0120.189] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\360Chrome\\Chrome\\User Data\\Default\\Login Data", nBufferLength=0x105, lpBuffer=0x19f33c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\360Chrome\\Chrome\\User Data\\Default\\Login Data", lpFilePart=0x0) returned 0x51 [0120.190] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f79c) returned 1 [0120.190] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\360Chrome\\Chrome\\User Data\\Default\\Login Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\360chrome\\chrome\\user data\\default\\login data"), fInfoLevelId=0x0, lpFileInformation=0x19f818 | out: lpFileInformation=0x19f818*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0120.190] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f798) returned 1 [0120.213] CoTaskMemAlloc (cb=0x20c) returned 0x5fc8b8 [0120.213] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x5fc8b8 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0120.213] CoTaskMemFree (pv=0x5fc8b8) [0120.213] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x19f2a4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpFilePart=0x0) returned 0x23 [0120.213] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Comodo\\Dragon\\User Data\\Default\\Login Data", nBufferLength=0x105, lpBuffer=0x19f28c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Comodo\\Dragon\\User Data\\Default\\Login Data", lpFilePart=0x0) returned 0x4e [0120.213] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f6ec) returned 1 [0120.213] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Comodo\\Dragon\\User Data\\Default\\Login Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\comodo\\dragon\\user data\\default\\login data"), fInfoLevelId=0x0, lpFileInformation=0x19f768 | out: lpFileInformation=0x19f768*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0120.214] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f6e8) returned 1 [0120.218] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Comodo\\Dragon\\User Data\\Default\\Login Data", nBufferLength=0x105, lpBuffer=0x19f33c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Comodo\\Dragon\\User Data\\Default\\Login Data", lpFilePart=0x0) returned 0x4e [0120.218] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f79c) returned 1 [0120.218] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Comodo\\Dragon\\User Data\\Default\\Login Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\comodo\\dragon\\user data\\default\\login data"), fInfoLevelId=0x0, lpFileInformation=0x19f818 | out: lpFileInformation=0x19f818*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0120.218] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f798) returned 1 [0120.234] CoTaskMemAlloc (cb=0x20c) returned 0x5fc8b8 [0120.234] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x5fc8b8 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0120.234] CoTaskMemFree (pv=0x5fc8b8) [0120.234] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x19f2a4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpFilePart=0x0) returned 0x23 [0120.234] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\BraveSoftware\\Brave-Browser\\User Data\\Default\\Login Data", nBufferLength=0x105, lpBuffer=0x19f28c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\BraveSoftware\\Brave-Browser\\User Data\\Default\\Login Data", lpFilePart=0x0) returned 0x5c [0120.234] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f6ec) returned 1 [0120.235] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\BraveSoftware\\Brave-Browser\\User Data\\Default\\Login Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\bravesoftware\\brave-browser\\user data\\default\\login data"), fInfoLevelId=0x0, lpFileInformation=0x19f768 | out: lpFileInformation=0x19f768*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0120.235] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f6e8) returned 1 [0120.239] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\BraveSoftware\\Brave-Browser\\User Data\\Default\\Login Data", nBufferLength=0x105, lpBuffer=0x19f33c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\BraveSoftware\\Brave-Browser\\User Data\\Default\\Login Data", lpFilePart=0x0) returned 0x5c [0120.239] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f79c) returned 1 [0120.239] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\BraveSoftware\\Brave-Browser\\User Data\\Default\\Login Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\bravesoftware\\brave-browser\\user data\\default\\login data"), fInfoLevelId=0x0, lpFileInformation=0x19f818 | out: lpFileInformation=0x19f818*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0120.239] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f798) returned 1 [0120.255] CoTaskMemAlloc (cb=0x20c) returned 0x5fc8b8 [0120.255] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x5fc8b8 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0120.255] CoTaskMemFree (pv=0x5fc8b8) [0120.255] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x19f2a4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpFilePart=0x0) returned 0x23 [0120.255] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Torch\\User Data\\Default\\Login Data", nBufferLength=0x105, lpBuffer=0x19f28c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Torch\\User Data\\Default\\Login Data", lpFilePart=0x0) returned 0x46 [0120.255] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f6ec) returned 1 [0120.255] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Torch\\User Data\\Default\\Login Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\torch\\user data\\default\\login data"), fInfoLevelId=0x0, lpFileInformation=0x19f768 | out: lpFileInformation=0x19f768*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0120.256] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f6e8) returned 1 [0120.260] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Torch\\User Data\\Default\\Login Data", nBufferLength=0x105, lpBuffer=0x19f33c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Torch\\User Data\\Default\\Login Data", lpFilePart=0x0) returned 0x46 [0120.260] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f79c) returned 1 [0120.260] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Torch\\User Data\\Default\\Login Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\torch\\user data\\default\\login data"), fInfoLevelId=0x0, lpFileInformation=0x19f818 | out: lpFileInformation=0x19f818*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0120.260] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f798) returned 1 [0120.275] CoTaskMemAlloc (cb=0x20c) returned 0x5fc8b8 [0120.276] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x5fc8b8 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0120.276] CoTaskMemFree (pv=0x5fc8b8) [0120.276] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x19f2a4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpFilePart=0x0) returned 0x23 [0120.276] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\UCBrowser\\User Data_i18n\\Default\\UC Login Data.18", nBufferLength=0x105, lpBuffer=0x19f28c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\UCBrowser\\User Data_i18n\\Default\\UC Login Data.18", lpFilePart=0x0) returned 0x55 [0120.276] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f6ec) returned 1 [0120.276] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\UCBrowser\\User Data_i18n\\Default\\UC Login Data.18" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\ucbrowser\\user data_i18n\\default\\uc login data.18"), fInfoLevelId=0x0, lpFileInformation=0x19f768 | out: lpFileInformation=0x19f768*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0120.276] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f6e8) returned 1 [0120.281] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\UCBrowser\\User Data_i18n\\Default\\UC Login Data.18", nBufferLength=0x105, lpBuffer=0x19f33c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\UCBrowser\\User Data_i18n\\Default\\UC Login Data.18", lpFilePart=0x0) returned 0x55 [0120.281] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f79c) returned 1 [0120.281] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\UCBrowser\\User Data_i18n\\Default\\UC Login Data.18" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\ucbrowser\\user data_i18n\\default\\uc login data.18"), fInfoLevelId=0x0, lpFileInformation=0x19f818 | out: lpFileInformation=0x19f818*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0120.281] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f798) returned 1 [0120.308] CoTaskMemAlloc (cb=0x20c) returned 0x5fc8b8 [0120.308] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x5fc8b8 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0120.308] CoTaskMemFree (pv=0x5fc8b8) [0120.308] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x19f2a4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpFilePart=0x0) returned 0x23 [0120.308] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Blisk\\User Data\\Default\\Login Data", nBufferLength=0x105, lpBuffer=0x19f28c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Blisk\\User Data\\Default\\Login Data", lpFilePart=0x0) returned 0x46 [0120.308] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f6ec) returned 1 [0120.308] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Blisk\\User Data\\Default\\Login Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\blisk\\user data\\default\\login data"), fInfoLevelId=0x0, lpFileInformation=0x19f768 | out: lpFileInformation=0x19f768*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0120.309] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f6e8) returned 1 [0120.313] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Blisk\\User Data\\Default\\Login Data", nBufferLength=0x105, lpBuffer=0x19f33c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Blisk\\User Data\\Default\\Login Data", lpFilePart=0x0) returned 0x46 [0120.313] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f79c) returned 1 [0120.313] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Blisk\\User Data\\Default\\Login Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\blisk\\user data\\default\\login data"), fInfoLevelId=0x0, lpFileInformation=0x19f818 | out: lpFileInformation=0x19f818*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0120.314] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f798) returned 1 [0120.336] CoTaskMemAlloc (cb=0x20c) returned 0x5fc8b8 [0120.336] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x5fc8b8 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0120.336] CoTaskMemFree (pv=0x5fc8b8) [0120.336] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x19f2a4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpFilePart=0x0) returned 0x23 [0120.336] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Epic Privacy Browser\\User Data\\Default\\Login Data", nBufferLength=0x105, lpBuffer=0x19f28c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Epic Privacy Browser\\User Data\\Default\\Login Data", lpFilePart=0x0) returned 0x55 [0120.337] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f6ec) returned 1 [0120.337] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Epic Privacy Browser\\User Data\\Default\\Login Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\epic privacy browser\\user data\\default\\login data"), fInfoLevelId=0x0, lpFileInformation=0x19f768 | out: lpFileInformation=0x19f768*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0120.337] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f6e8) returned 1 [0120.342] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Epic Privacy Browser\\User Data\\Default\\Login Data", nBufferLength=0x105, lpBuffer=0x19f33c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Epic Privacy Browser\\User Data\\Default\\Login Data", lpFilePart=0x0) returned 0x55 [0120.342] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f79c) returned 1 [0120.342] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Epic Privacy Browser\\User Data\\Default\\Login Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\epic privacy browser\\user data\\default\\login data"), fInfoLevelId=0x0, lpFileInformation=0x19f818 | out: lpFileInformation=0x19f818*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0120.343] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f798) returned 1 [0120.568] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Opera Software\\Opera Stable\\Login Data", nBufferLength=0x105, lpBuffer=0x19f158, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Opera Software\\Opera Stable\\Login Data", lpFilePart=0x0) returned 0x4c [0120.568] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f5b8) returned 1 [0120.568] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Opera Software\\Opera Stable\\Login Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\opera software\\opera stable\\login data"), fInfoLevelId=0x0, lpFileInformation=0x19f634 | out: lpFileInformation=0x19f634*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0120.568] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f5b4) returned 1 [0120.569] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Opera\\Opera\\profile\\wand.dat", nBufferLength=0x105, lpBuffer=0x19f158, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Opera\\Opera\\profile\\wand.dat", lpFilePart=0x0) returned 0x42 [0120.569] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f5b8) returned 1 [0120.569] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Opera\\Opera\\profile\\wand.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\opera\\opera\\profile\\wand.dat"), fInfoLevelId=0x0, lpFileInformation=0x19f634 | out: lpFileInformation=0x19f634*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0120.569] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f5b4) returned 1 [0120.569] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming", nBufferLength=0x105, lpBuffer=0x19f0a8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming", lpFilePart=0x0) returned 0x25 [0120.569] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f508) returned 1 [0120.569] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming"), fInfoLevelId=0x0, lpFileInformation=0x19f584 | out: lpFileInformation=0x19f584*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3ced6473, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0xf98a7e9c, ftLastAccessTime.dwHighDateTime=0x1d7b06c, ftLastWriteTime.dwLowDateTime=0xf98a7e9c, ftLastWriteTime.dwHighDateTime=0x1d7b06c, nFileSizeHigh=0x0, nFileSizeLow=0x3000)) returned 1 [0120.570] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f504) returned 1 [0120.774] CoTaskMemAlloc (cb=0x20c) returned 0x5fc8b8 [0120.774] GetEnvironmentVariableW (in: lpName="APPDATA", lpBuffer=0x5fc8b8, nSize=0x104 | out: lpBuffer="") returned 0x25 [0120.775] CoTaskMemFree (pv=0x5fc8b8) [0120.776] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\FileZilla\\recentservers.xml", nBufferLength=0x105, lpBuffer=0x19ef10, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\FileZilla\\recentservers.xml", lpFilePart=0x0) returned 0x41 [0120.776] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f404) returned 1 [0120.776] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\FileZilla\\recentservers.xml" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\filezilla\\recentservers.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0120.794] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19d628) returned 1 [0120.822] CoTaskMemAlloc (cb=0x20c) returned 0x60f0a8 [0120.822] GetEnvironmentVariableW (in: lpName="AppData", lpBuffer=0x60f0a8, nSize=0x104 | out: lpBuffer="") returned 0x25 [0120.822] CoTaskMemFree (pv=0x60f0a8) [0120.822] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\.purple\\accounts.xml", nBufferLength=0x105, lpBuffer=0x19f350, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\.purple\\accounts.xml", lpFilePart=0x0) returned 0x3a [0120.822] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f7b0) returned 1 [0120.822] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\.purple\\accounts.xml" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\.purple\\accounts.xml"), fInfoLevelId=0x0, lpFileInformation=0x19f82c | out: lpFileInformation=0x19f82c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0120.823] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f7ac) returned 1 [0120.867] CoTaskMemAlloc (cb=0x20c) returned 0x60f0a8 [0120.867] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x60f0a8 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0120.867] CoTaskMemFree (pv=0x60f0a8) [0120.867] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x19f110, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpFilePart=0x0) returned 0x23 [0120.867] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Liebao7\\User Data\\Default\\EncryptedStorage", nBufferLength=0x105, lpBuffer=0x19f0f8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Liebao7\\User Data\\Default\\EncryptedStorage", lpFilePart=0x0) returned 0x4e [0120.868] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f558) returned 1 [0120.868] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Liebao7\\User Data\\Default\\EncryptedStorage" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\liebao7\\user data\\default\\encryptedstorage"), fInfoLevelId=0x0, lpFileInformation=0x19f5d4 | out: lpFileInformation=0x19f5d4*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0120.868] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f554) returned 1 [0120.911] CoTaskMemAlloc (cb=0x20c) returned 0x60f0a8 [0120.912] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x60f0a8 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0120.912] CoTaskMemFree (pv=0x60f0a8) [0120.912] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x19f0f4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpFilePart=0x0) returned 0x23 [0120.912] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\AVAST Software\\Browser\\User Data\\Default\\Login Data", nBufferLength=0x105, lpBuffer=0x19f0dc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\AVAST Software\\Browser\\User Data\\Default\\Login Data", lpFilePart=0x0) returned 0x57 [0120.912] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f53c) returned 1 [0120.912] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\AVAST Software\\Browser\\User Data\\Default\\Login Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\avast software\\browser\\user data\\default\\login data"), fInfoLevelId=0x0, lpFileInformation=0x19f5b8 | out: lpFileInformation=0x19f5b8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0120.912] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f538) returned 1 [0120.952] CoTaskMemAlloc (cb=0x20c) returned 0x60f0a8 [0120.952] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x60f0a8 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0120.952] CoTaskMemFree (pv=0x60f0a8) [0120.952] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x19f2a4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpFilePart=0x0) returned 0x23 [0120.952] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Kinza\\User Data\\Default\\Login Data", nBufferLength=0x105, lpBuffer=0x19f28c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Kinza\\User Data\\Default\\Login Data", lpFilePart=0x0) returned 0x46 [0120.952] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f6ec) returned 1 [0120.952] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Kinza\\User Data\\Default\\Login Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\kinza\\user data\\default\\login data"), fInfoLevelId=0x0, lpFileInformation=0x19f768 | out: lpFileInformation=0x19f768*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0120.953] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f6e8) returned 1 [0120.957] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Kinza\\User Data\\Default\\Login Data", nBufferLength=0x105, lpBuffer=0x19f33c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Kinza\\User Data\\Default\\Login Data", lpFilePart=0x0) returned 0x46 [0120.957] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f79c) returned 1 [0120.957] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Kinza\\User Data\\Default\\Login Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\kinza\\user data\\default\\login data"), fInfoLevelId=0x0, lpFileInformation=0x19f818 | out: lpFileInformation=0x19f818*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0120.957] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f798) returned 1 [0120.981] CoTaskMemAlloc (cb=0x20c) returned 0x60f0a8 [0120.981] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x60f0a8 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0120.981] CoTaskMemFree (pv=0x60f0a8) [0120.981] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x19f2a4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpFilePart=0x0) returned 0x23 [0120.981] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\BlackHawk\\User Data\\Default\\Login Data", nBufferLength=0x105, lpBuffer=0x19f28c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\BlackHawk\\User Data\\Default\\Login Data", lpFilePart=0x0) returned 0x4a [0120.981] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f6ec) returned 1 [0120.981] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\BlackHawk\\User Data\\Default\\Login Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\blackhawk\\user data\\default\\login data"), fInfoLevelId=0x0, lpFileInformation=0x19f768 | out: lpFileInformation=0x19f768*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0120.981] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f6e8) returned 1 [0120.986] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\BlackHawk\\User Data\\Default\\Login Data", nBufferLength=0x105, lpBuffer=0x19f33c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\BlackHawk\\User Data\\Default\\Login Data", lpFilePart=0x0) returned 0x4a [0120.986] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f79c) returned 1 [0120.986] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\BlackHawk\\User Data\\Default\\Login Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\blackhawk\\user data\\default\\login data"), fInfoLevelId=0x0, lpFileInformation=0x19f818 | out: lpFileInformation=0x19f818*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0120.986] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f798) returned 1 [0121.003] CoTaskMemAlloc (cb=0x20c) returned 0x60f0a8 [0121.004] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x60f0a8 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0121.004] CoTaskMemFree (pv=0x60f0a8) [0121.004] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x19f2a4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpFilePart=0x0) returned 0x23 [0121.004] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\CatalinaGroup\\Citrio\\User Data\\Default\\Login Data", nBufferLength=0x105, lpBuffer=0x19f28c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\CatalinaGroup\\Citrio\\User Data\\Default\\Login Data", lpFilePart=0x0) returned 0x55 [0121.004] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f6ec) returned 1 [0121.004] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\CatalinaGroup\\Citrio\\User Data\\Default\\Login Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\catalinagroup\\citrio\\user data\\default\\login data"), fInfoLevelId=0x0, lpFileInformation=0x19f768 | out: lpFileInformation=0x19f768*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0121.004] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f6e8) returned 1 [0121.012] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\CatalinaGroup\\Citrio\\User Data\\Default\\Login Data", nBufferLength=0x105, lpBuffer=0x19f33c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\CatalinaGroup\\Citrio\\User Data\\Default\\Login Data", lpFilePart=0x0) returned 0x55 [0121.012] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f79c) returned 1 [0121.013] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\CatalinaGroup\\Citrio\\User Data\\Default\\Login Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\catalinagroup\\citrio\\user data\\default\\login data"), fInfoLevelId=0x0, lpFileInformation=0x19f818 | out: lpFileInformation=0x19f818*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0121.013] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f798) returned 1 [0121.032] CoTaskMemAlloc (cb=0x20c) returned 0x60f0a8 [0121.032] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x60f0a8 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0121.032] CoTaskMemFree (pv=0x60f0a8) [0121.032] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x19f2a4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpFilePart=0x0) returned 0x23 [0121.032] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\uCozMedia\\Uran\\User Data\\Default\\Login Data", nBufferLength=0x105, lpBuffer=0x19f28c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\uCozMedia\\Uran\\User Data\\Default\\Login Data", lpFilePart=0x0) returned 0x4f [0121.032] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f6ec) returned 1 [0121.032] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\uCozMedia\\Uran\\User Data\\Default\\Login Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\ucozmedia\\uran\\user data\\default\\login data"), fInfoLevelId=0x0, lpFileInformation=0x19f768 | out: lpFileInformation=0x19f768*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0121.032] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f6e8) returned 1 [0121.037] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\uCozMedia\\Uran\\User Data\\Default\\Login Data", nBufferLength=0x105, lpBuffer=0x19f33c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\uCozMedia\\Uran\\User Data\\Default\\Login Data", lpFilePart=0x0) returned 0x4f [0121.037] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f79c) returned 1 [0121.037] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\uCozMedia\\Uran\\User Data\\Default\\Login Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\ucozmedia\\uran\\user data\\default\\login data"), fInfoLevelId=0x0, lpFileInformation=0x19f818 | out: lpFileInformation=0x19f818*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0121.037] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f798) returned 1 [0121.058] CoTaskMemAlloc (cb=0x20c) returned 0x60f0a8 [0121.058] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x60f0a8 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0121.058] CoTaskMemFree (pv=0x60f0a8) [0121.058] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x19f2a4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpFilePart=0x0) returned 0x23 [0121.058] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Coowon\\Coowon\\User Data\\Default\\Login Data", nBufferLength=0x105, lpBuffer=0x19f28c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Coowon\\Coowon\\User Data\\Default\\Login Data", lpFilePart=0x0) returned 0x4e [0121.058] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f6ec) returned 1 [0121.059] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Coowon\\Coowon\\User Data\\Default\\Login Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\coowon\\coowon\\user data\\default\\login data"), fInfoLevelId=0x0, lpFileInformation=0x19f768 | out: lpFileInformation=0x19f768*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0121.059] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f6e8) returned 1 [0121.064] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Coowon\\Coowon\\User Data\\Default\\Login Data", nBufferLength=0x105, lpBuffer=0x19f33c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Coowon\\Coowon\\User Data\\Default\\Login Data", lpFilePart=0x0) returned 0x4e [0121.064] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f79c) returned 1 [0121.064] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Coowon\\Coowon\\User Data\\Default\\Login Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\coowon\\coowon\\user data\\default\\login data"), fInfoLevelId=0x0, lpFileInformation=0x19f818 | out: lpFileInformation=0x19f818*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0121.064] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f798) returned 1 [0121.081] CoTaskMemAlloc (cb=0x20c) returned 0x60f0a8 [0121.081] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x60f0a8 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0121.081] CoTaskMemFree (pv=0x60f0a8) [0121.081] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x19f2a4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpFilePart=0x0) returned 0x23 [0121.081] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\7Star\\7Star\\User Data\\Default\\Login Data", nBufferLength=0x105, lpBuffer=0x19f28c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\7Star\\7Star\\User Data\\Default\\Login Data", lpFilePart=0x0) returned 0x4c [0121.081] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f6ec) returned 1 [0121.082] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\7Star\\7Star\\User Data\\Default\\Login Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\7star\\7star\\user data\\default\\login data"), fInfoLevelId=0x0, lpFileInformation=0x19f768 | out: lpFileInformation=0x19f768*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0121.082] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f6e8) returned 1 [0121.139] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\7Star\\7Star\\User Data\\Default\\Login Data", nBufferLength=0x105, lpBuffer=0x19f33c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\7Star\\7Star\\User Data\\Default\\Login Data", lpFilePart=0x0) returned 0x4c [0121.139] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f79c) returned 1 [0121.139] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\7Star\\7Star\\User Data\\Default\\Login Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\7star\\7star\\user data\\default\\login data"), fInfoLevelId=0x0, lpFileInformation=0x19f818 | out: lpFileInformation=0x19f818*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0121.139] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f798) returned 1 [0121.159] CoTaskMemAlloc (cb=0x20c) returned 0x60f0a8 [0121.159] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x60f0a8 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0121.159] CoTaskMemFree (pv=0x60f0a8) [0121.159] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x19f2a4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpFilePart=0x0) returned 0x23 [0121.159] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\QIP Surf\\User Data\\Default\\Login Data", nBufferLength=0x105, lpBuffer=0x19f28c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\QIP Surf\\User Data\\Default\\Login Data", lpFilePart=0x0) returned 0x49 [0121.159] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f6ec) returned 1 [0121.159] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\QIP Surf\\User Data\\Default\\Login Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\qip surf\\user data\\default\\login data"), fInfoLevelId=0x0, lpFileInformation=0x19f768 | out: lpFileInformation=0x19f768*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0121.159] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f6e8) returned 1 [0121.163] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\QIP Surf\\User Data\\Default\\Login Data", nBufferLength=0x105, lpBuffer=0x19f33c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\QIP Surf\\User Data\\Default\\Login Data", lpFilePart=0x0) returned 0x49 [0121.163] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f79c) returned 1 [0121.163] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\QIP Surf\\User Data\\Default\\Login Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\qip surf\\user data\\default\\login data"), fInfoLevelId=0x0, lpFileInformation=0x19f818 | out: lpFileInformation=0x19f818*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0121.164] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f798) returned 1 [0121.228] CoTaskMemAlloc (cb=0x20c) returned 0x60f0a8 [0121.229] GetEnvironmentVariableW (in: lpName="APPDATA", lpBuffer=0x60f0a8, nSize=0x104 | out: lpBuffer="") returned 0x25 [0121.229] CoTaskMemFree (pv=0x60f0a8) [0121.229] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Fenrir Inc\\Sleipnir5\\setting\\modules\\ChromiumViewer\\Default\\Login Data", nBufferLength=0x105, lpBuffer=0x19f28c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Fenrir Inc\\Sleipnir5\\setting\\modules\\ChromiumViewer\\Default\\Login Data", lpFilePart=0x0) returned 0x6c [0121.229] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f6ec) returned 1 [0121.229] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Fenrir Inc\\Sleipnir5\\setting\\modules\\ChromiumViewer\\Default\\Login Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\fenrir inc\\sleipnir5\\setting\\modules\\chromiumviewer\\default\\login data"), fInfoLevelId=0x0, lpFileInformation=0x19f768 | out: lpFileInformation=0x19f768*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0121.229] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f6e8) returned 1 [0121.235] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Fenrir Inc\\Sleipnir5\\setting\\modules\\ChromiumViewer\\Default\\Login Data", nBufferLength=0x105, lpBuffer=0x19f33c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Fenrir Inc\\Sleipnir5\\setting\\modules\\ChromiumViewer\\Default\\Login Data", lpFilePart=0x0) returned 0x6c [0121.235] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f79c) returned 1 [0121.235] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Fenrir Inc\\Sleipnir5\\setting\\modules\\ChromiumViewer\\Default\\Login Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\fenrir inc\\sleipnir5\\setting\\modules\\chromiumviewer\\default\\login data"), fInfoLevelId=0x0, lpFileInformation=0x19f818 | out: lpFileInformation=0x19f818*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0121.235] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f798) returned 1 [0121.267] CoTaskMemAlloc (cb=0x20c) returned 0x60f0a8 [0121.267] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x60f0a8 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0121.267] CoTaskMemFree (pv=0x60f0a8) [0121.267] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x19f2a4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpFilePart=0x0) returned 0x23 [0121.267] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome SxS\\User Data\\Default\\Login Data", nBufferLength=0x105, lpBuffer=0x19f28c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome SxS\\User Data\\Default\\Login Data", lpFilePart=0x0) returned 0x52 [0121.267] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f6ec) returned 1 [0121.268] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome SxS\\User Data\\Default\\Login Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\google\\chrome sxs\\user data\\default\\login data"), fInfoLevelId=0x0, lpFileInformation=0x19f768 | out: lpFileInformation=0x19f768*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0121.268] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f6e8) returned 1 [0121.274] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome SxS\\User Data\\Default\\Login Data", nBufferLength=0x105, lpBuffer=0x19f33c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome SxS\\User Data\\Default\\Login Data", lpFilePart=0x0) returned 0x52 [0121.274] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f79c) returned 1 [0121.274] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome SxS\\User Data\\Default\\Login Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\google\\chrome sxs\\user data\\default\\login data"), fInfoLevelId=0x0, lpFileInformation=0x19f818 | out: lpFileInformation=0x19f818*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0121.275] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f798) returned 1 [0121.295] CoTaskMemAlloc (cb=0x20c) returned 0x60f0a8 [0121.295] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x60f0a8 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0121.295] CoTaskMemFree (pv=0x60f0a8) [0121.295] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x19f2a4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpFilePart=0x0) returned 0x23 [0121.295] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\MapleStudio\\ChromePlus\\User Data\\Default\\Login Data", nBufferLength=0x105, lpBuffer=0x19f28c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\MapleStudio\\ChromePlus\\User Data\\Default\\Login Data", lpFilePart=0x0) returned 0x57 [0121.295] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f6ec) returned 1 [0121.295] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\MapleStudio\\ChromePlus\\User Data\\Default\\Login Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\maplestudio\\chromeplus\\user data\\default\\login data"), fInfoLevelId=0x0, lpFileInformation=0x19f768 | out: lpFileInformation=0x19f768*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0121.295] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f6e8) returned 1 [0121.305] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\MapleStudio\\ChromePlus\\User Data\\Default\\Login Data", nBufferLength=0x105, lpBuffer=0x19f33c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\MapleStudio\\ChromePlus\\User Data\\Default\\Login Data", lpFilePart=0x0) returned 0x57 [0121.305] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f79c) returned 1 [0121.305] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\MapleStudio\\ChromePlus\\User Data\\Default\\Login Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\maplestudio\\chromeplus\\user data\\default\\login data"), fInfoLevelId=0x0, lpFileInformation=0x19f818 | out: lpFileInformation=0x19f818*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0121.305] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f798) returned 1 [0121.329] CoTaskMemAlloc (cb=0x20c) returned 0x60f0a8 [0121.329] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x60f0a8 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0121.329] CoTaskMemFree (pv=0x60f0a8) [0121.329] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x19f2a4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpFilePart=0x0) returned 0x23 [0121.329] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\SalamWeb\\User Data\\Default\\Login Data", nBufferLength=0x105, lpBuffer=0x19f28c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\SalamWeb\\User Data\\Default\\Login Data", lpFilePart=0x0) returned 0x49 [0121.330] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f6ec) returned 1 [0121.330] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\SalamWeb\\User Data\\Default\\Login Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\salamweb\\user data\\default\\login data"), fInfoLevelId=0x0, lpFileInformation=0x19f768 | out: lpFileInformation=0x19f768*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0121.330] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f6e8) returned 1 [0121.336] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\SalamWeb\\User Data\\Default\\Login Data", nBufferLength=0x105, lpBuffer=0x19f33c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\SalamWeb\\User Data\\Default\\Login Data", lpFilePart=0x0) returned 0x49 [0121.336] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f79c) returned 1 [0121.337] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\SalamWeb\\User Data\\Default\\Login Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\salamweb\\user data\\default\\login data"), fInfoLevelId=0x0, lpFileInformation=0x19f818 | out: lpFileInformation=0x19f818*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0121.337] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f798) returned 1 [0121.362] CoTaskMemAlloc (cb=0x20c) returned 0x60f0a8 [0121.362] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x60f0a8 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0121.362] CoTaskMemFree (pv=0x60f0a8) [0121.362] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x19f2a4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpFilePart=0x0) returned 0x23 [0121.362] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Sputnik\\Sputnik\\User Data\\Default\\Login Data", nBufferLength=0x105, lpBuffer=0x19f28c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Sputnik\\Sputnik\\User Data\\Default\\Login Data", lpFilePart=0x0) returned 0x50 [0121.362] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f6ec) returned 1 [0121.363] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Sputnik\\Sputnik\\User Data\\Default\\Login Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\sputnik\\sputnik\\user data\\default\\login data"), fInfoLevelId=0x0, lpFileInformation=0x19f768 | out: lpFileInformation=0x19f768*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0121.363] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f6e8) returned 1 [0121.368] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Sputnik\\Sputnik\\User Data\\Default\\Login Data", nBufferLength=0x105, lpBuffer=0x19f33c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Sputnik\\Sputnik\\User Data\\Default\\Login Data", lpFilePart=0x0) returned 0x50 [0121.368] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f79c) returned 1 [0121.368] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Sputnik\\Sputnik\\User Data\\Default\\Login Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\sputnik\\sputnik\\user data\\default\\login data"), fInfoLevelId=0x0, lpFileInformation=0x19f818 | out: lpFileInformation=0x19f818*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0121.368] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f798) returned 1 [0121.393] CoTaskMemAlloc (cb=0x20c) returned 0x60f0a8 [0121.394] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x60f0a8 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0121.394] CoTaskMemFree (pv=0x60f0a8) [0121.394] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x19f2a4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpFilePart=0x0) returned 0x23 [0121.394] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Sputnik\\Sputnik\\User Data\\Default\\Login Data", nBufferLength=0x105, lpBuffer=0x19f28c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Sputnik\\Sputnik\\User Data\\Default\\Login Data", lpFilePart=0x0) returned 0x50 [0121.394] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f6ec) returned 1 [0121.394] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Sputnik\\Sputnik\\User Data\\Default\\Login Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\sputnik\\sputnik\\user data\\default\\login data"), fInfoLevelId=0x0, lpFileInformation=0x19f768 | out: lpFileInformation=0x19f768*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0121.394] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f6e8) returned 1 [0121.400] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Sputnik\\Sputnik\\User Data\\Default\\Login Data", nBufferLength=0x105, lpBuffer=0x19f33c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Sputnik\\Sputnik\\User Data\\Default\\Login Data", lpFilePart=0x0) returned 0x50 [0121.400] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f79c) returned 1 [0121.400] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Sputnik\\Sputnik\\User Data\\Default\\Login Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\sputnik\\sputnik\\user data\\default\\login data"), fInfoLevelId=0x0, lpFileInformation=0x19f818 | out: lpFileInformation=0x19f818*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0121.401] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f798) returned 1 [0121.435] CoTaskMemAlloc (cb=0x20c) returned 0x60f0a8 [0121.435] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x60f0a8 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0121.435] CoTaskMemFree (pv=0x60f0a8) [0121.435] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x19f2a4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpFilePart=0x0) returned 0x23 [0121.435] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Elements Browser\\User Data\\Default\\Login Data", nBufferLength=0x105, lpBuffer=0x19f28c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Elements Browser\\User Data\\Default\\Login Data", lpFilePart=0x0) returned 0x51 [0121.435] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f6ec) returned 1 [0121.435] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Elements Browser\\User Data\\Default\\Login Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\elements browser\\user data\\default\\login data"), fInfoLevelId=0x0, lpFileInformation=0x19f768 | out: lpFileInformation=0x19f768*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0121.436] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f6e8) returned 1 [0121.442] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Elements Browser\\User Data\\Default\\Login Data", nBufferLength=0x105, lpBuffer=0x19f33c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Elements Browser\\User Data\\Default\\Login Data", lpFilePart=0x0) returned 0x51 [0121.442] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f79c) returned 1 [0121.442] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Elements Browser\\User Data\\Default\\Login Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\elements browser\\user data\\default\\login data"), fInfoLevelId=0x0, lpFileInformation=0x19f818 | out: lpFileInformation=0x19f818*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0121.442] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f798) returned 1 [0121.482] CoTaskMemAlloc (cb=0x20c) returned 0x60f0a8 [0121.482] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x60f0a8 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0121.482] CoTaskMemFree (pv=0x60f0a8) [0121.483] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x19f2a4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpFilePart=0x0) returned 0x23 [0121.483] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Edge\\User Data\\Default\\Login Data", nBufferLength=0x105, lpBuffer=0x19f28c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Edge\\User Data\\Default\\Login Data", lpFilePart=0x0) returned 0x4f [0121.483] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f6ec) returned 1 [0121.483] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Edge\\User Data\\Default\\Login Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\edge\\user data\\default\\login data"), fInfoLevelId=0x0, lpFileInformation=0x19f768 | out: lpFileInformation=0x19f768*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0121.483] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f6e8) returned 1 [0121.487] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Edge\\User Data\\Default\\Login Data", nBufferLength=0x105, lpBuffer=0x19f33c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Edge\\User Data\\Default\\Login Data", lpFilePart=0x0) returned 0x4f [0121.487] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f79c) returned 1 [0121.487] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Edge\\User Data\\Default\\Login Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\edge\\user data\\default\\login data"), fInfoLevelId=0x0, lpFileInformation=0x19f818 | out: lpFileInformation=0x19f818*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0121.487] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f798) returned 1 [0121.514] CoTaskMemAlloc (cb=0x20c) returned 0x60f0a8 [0121.514] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x60f0a8 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0121.515] CoTaskMemFree (pv=0x60f0a8) [0121.515] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming", nBufferLength=0x105, lpBuffer=0x19f300, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming", lpFilePart=0x0) returned 0x25 [0121.528] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\discord\\Local Storage\\leveldb\\", nBufferLength=0x105, lpBuffer=0x19f318, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\discord\\Local Storage\\leveldb\\", lpFilePart=0x0) returned 0x44 [0121.528] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f774) returned 1 [0121.528] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\discord\\Local Storage\\leveldb\\" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\discord\\local storage\\leveldb"), fInfoLevelId=0x0, lpFileInformation=0x19f7f0 | out: lpFileInformation=0x19f7f0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0121.528] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f770) returned 1 [0121.528] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\discord\\Local Storage\\leveldb\\", nBufferLength=0x105, lpBuffer=0x19f318, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\discord\\Local Storage\\leveldb\\", lpFilePart=0x0) returned 0x44 [0121.529] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f774) returned 1 [0121.529] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\discord\\Local Storage\\leveldb\\" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\discord\\local storage\\leveldb"), fInfoLevelId=0x0, lpFileInformation=0x19f7f0 | out: lpFileInformation=0x19f7f0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0121.529] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f770) returned 1 [0121.662] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\discord\\Local Storage\\leveldb\\", nBufferLength=0x105, lpBuffer=0x19f220, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\discord\\Local Storage\\leveldb\\", lpFilePart=0x0) returned 0x44 [0121.662] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f714) returned 1 [0121.663] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\discord\\Local Storage\\leveldb\\" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\discord\\local storage\\leveldb"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0121.667] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19ddf0) returned 1 [0122.111] CoTaskMemAlloc (cb=0x20c) returned 0x60f0a8 [0122.111] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x60f0a8 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0122.111] CoTaskMemFree (pv=0x60f0a8) [0122.111] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming", nBufferLength=0x105, lpBuffer=0x19f250, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming", lpFilePart=0x0) returned 0x25 [0122.112] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f7bc) returned 1 [0122.113] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Mozilla\\icecat\\Profiles", nBufferLength=0x105, lpBuffer=0x19f2c4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Mozilla\\icecat\\Profiles", lpFilePart=0x0) returned 0x3d [0122.115] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Mozilla\\icecat\\Profiles\\", nBufferLength=0x105, lpBuffer=0x19f298, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Mozilla\\icecat\\Profiles\\", lpFilePart=0x0) returned 0x3e [0122.115] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Mozilla\\icecat\\Profiles\\*", lpFindFileData=0x19f4e4 | out: lpFindFileData=0x19f4e4*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0122.116] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f780) returned 1 [0122.157] CoTaskMemAlloc (cb=0x20c) returned 0x60f0a8 [0122.157] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x60f0a8 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0122.157] CoTaskMemFree (pv=0x60f0a8) [0122.157] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming", nBufferLength=0x105, lpBuffer=0x19f250, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming", lpFilePart=0x0) returned 0x25 [0122.157] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f7bc) returned 1 [0122.157] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\FlashPeak\\SlimBrowser\\Profiles", nBufferLength=0x105, lpBuffer=0x19f2c4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\FlashPeak\\SlimBrowser\\Profiles", lpFilePart=0x0) returned 0x44 [0122.157] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\FlashPeak\\SlimBrowser\\Profiles\\", nBufferLength=0x105, lpBuffer=0x19f298, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\FlashPeak\\SlimBrowser\\Profiles\\", lpFilePart=0x0) returned 0x45 [0122.157] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\FlashPeak\\SlimBrowser\\Profiles\\*", lpFindFileData=0x19f4e4 | out: lpFindFileData=0x19f4e4*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0122.158] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f780) returned 1 [0122.190] CoTaskMemAlloc (cb=0x20c) returned 0x60f0a8 [0122.190] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x60f0a8 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0122.190] CoTaskMemFree (pv=0x60f0a8) [0122.190] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming", nBufferLength=0x105, lpBuffer=0x19f250, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming", lpFilePart=0x0) returned 0x25 [0122.190] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f7bc) returned 1 [0122.190] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles", nBufferLength=0x105, lpBuffer=0x19f2c4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles", lpFilePart=0x0) returned 0x3e [0122.190] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\", nBufferLength=0x105, lpBuffer=0x19f298, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\", lpFilePart=0x0) returned 0x3f [0122.190] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\*", lpFindFileData=0x19f4e4 | out: lpFindFileData=0x19f4e4*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0122.191] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f780) returned 1 [0122.215] CoTaskMemAlloc (cb=0x20c) returned 0x60f0a8 [0122.215] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x60f0a8 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0122.215] CoTaskMemFree (pv=0x60f0a8) [0122.215] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming", nBufferLength=0x105, lpBuffer=0x19f250, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming", lpFilePart=0x0) returned 0x25 [0122.215] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f7bc) returned 1 [0122.215] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Thunderbird\\Profiles\\", nBufferLength=0x105, lpBuffer=0x19f2c4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Thunderbird\\Profiles\\", lpFilePart=0x0) returned 0x3b [0122.215] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Thunderbird\\Profiles\\", nBufferLength=0x105, lpBuffer=0x19f298, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Thunderbird\\Profiles\\", lpFilePart=0x0) returned 0x3b [0122.215] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Thunderbird\\Profiles\\*", lpFindFileData=0x19f4e4 | out: lpFindFileData=0x19f4e4*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0122.216] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f780) returned 1 [0122.246] CoTaskMemAlloc (cb=0x20c) returned 0x60f0a8 [0122.246] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x60f0a8 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0122.246] CoTaskMemFree (pv=0x60f0a8) [0122.246] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming", nBufferLength=0x105, lpBuffer=0x19f250, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming", lpFilePart=0x0) returned 0x25 [0122.246] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f7bc) returned 1 [0122.247] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Mozilla\\SeaMonkey\\Profiles", nBufferLength=0x105, lpBuffer=0x19f2c4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Mozilla\\SeaMonkey\\Profiles", lpFilePart=0x0) returned 0x40 [0122.247] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Mozilla\\SeaMonkey\\Profiles\\", nBufferLength=0x105, lpBuffer=0x19f298, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Mozilla\\SeaMonkey\\Profiles\\", lpFilePart=0x0) returned 0x41 [0122.247] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Mozilla\\SeaMonkey\\Profiles\\*", lpFindFileData=0x19f4e4 | out: lpFindFileData=0x19f4e4*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0122.247] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f780) returned 1 [0122.283] CoTaskMemAlloc (cb=0x20c) returned 0x60f0a8 [0122.283] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x60f0a8 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0122.283] CoTaskMemFree (pv=0x60f0a8) [0122.283] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming", nBufferLength=0x105, lpBuffer=0x19f250, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming", lpFilePart=0x0) returned 0x25 [0122.283] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f7bc) returned 1 [0122.283] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Comodo\\IceDragon\\Profiles", nBufferLength=0x105, lpBuffer=0x19f2c4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Comodo\\IceDragon\\Profiles", lpFilePart=0x0) returned 0x3f [0122.283] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Comodo\\IceDragon\\Profiles\\", nBufferLength=0x105, lpBuffer=0x19f298, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Comodo\\IceDragon\\Profiles\\", lpFilePart=0x0) returned 0x40 [0122.283] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Comodo\\IceDragon\\Profiles\\*", lpFindFileData=0x19f4e4 | out: lpFindFileData=0x19f4e4*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0122.284] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f780) returned 1 [0122.320] CoTaskMemAlloc (cb=0x20c) returned 0x60f0a8 [0122.320] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x60f0a8 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0122.320] CoTaskMemFree (pv=0x60f0a8) [0122.321] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming", nBufferLength=0x105, lpBuffer=0x19f250, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming", lpFilePart=0x0) returned 0x25 [0122.321] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f7bc) returned 1 [0122.321] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\8pecxstudios\\Cyberfox\\Profiles", nBufferLength=0x105, lpBuffer=0x19f2c4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\8pecxstudios\\Cyberfox\\Profiles", lpFilePart=0x0) returned 0x44 [0122.321] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\8pecxstudios\\Cyberfox\\Profiles\\", nBufferLength=0x105, lpBuffer=0x19f298, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\8pecxstudios\\Cyberfox\\Profiles\\", lpFilePart=0x0) returned 0x45 [0122.321] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\8pecxstudios\\Cyberfox\\Profiles\\*", lpFindFileData=0x19f4e4 | out: lpFindFileData=0x19f4e4*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0122.321] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f780) returned 1 [0122.357] CoTaskMemAlloc (cb=0x20c) returned 0x60f0a8 [0122.357] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x60f0a8 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0122.357] CoTaskMemFree (pv=0x60f0a8) [0122.357] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming", nBufferLength=0x105, lpBuffer=0x19f250, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming", lpFilePart=0x0) returned 0x25 [0122.358] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f7bc) returned 1 [0122.358] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Moonchild Productions\\Pale Moon\\Profiles", nBufferLength=0x105, lpBuffer=0x19f2c4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Moonchild Productions\\Pale Moon\\Profiles", lpFilePart=0x0) returned 0x4e [0122.358] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Moonchild Productions\\Pale Moon\\Profiles\\", nBufferLength=0x105, lpBuffer=0x19f298, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Moonchild Productions\\Pale Moon\\Profiles\\", lpFilePart=0x0) returned 0x4f [0122.358] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Moonchild Productions\\Pale Moon\\Profiles\\*", lpFindFileData=0x19f4e4 | out: lpFindFileData=0x19f4e4*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0122.359] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f780) returned 1 [0122.386] CoTaskMemAlloc (cb=0x20c) returned 0x60f0a8 [0122.386] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x60f0a8 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0122.386] CoTaskMemFree (pv=0x60f0a8) [0122.386] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming", nBufferLength=0x105, lpBuffer=0x19f250, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming", lpFilePart=0x0) returned 0x25 [0122.387] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f7bc) returned 1 [0122.387] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Waterfox\\Profiles", nBufferLength=0x105, lpBuffer=0x19f2c4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Waterfox\\Profiles", lpFilePart=0x0) returned 0x37 [0122.387] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Waterfox\\Profiles\\", nBufferLength=0x105, lpBuffer=0x19f298, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Waterfox\\Profiles\\", lpFilePart=0x0) returned 0x38 [0122.387] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Waterfox\\Profiles\\*", lpFindFileData=0x19f4e4 | out: lpFindFileData=0x19f4e4*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0122.387] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f780) returned 1 [0122.421] CoTaskMemAlloc (cb=0x20c) returned 0x60f0a8 [0122.421] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x60f0a8 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0122.421] CoTaskMemFree (pv=0x60f0a8) [0122.421] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming", nBufferLength=0x105, lpBuffer=0x19f250, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming", lpFilePart=0x0) returned 0x25 [0122.421] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f7bc) returned 1 [0122.421] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\PostboxApp\\Profiles", nBufferLength=0x105, lpBuffer=0x19f2c4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\PostboxApp\\Profiles", lpFilePart=0x0) returned 0x39 [0122.421] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\PostboxApp\\Profiles\\", nBufferLength=0x105, lpBuffer=0x19f298, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\PostboxApp\\Profiles\\", lpFilePart=0x0) returned 0x3a [0122.421] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\PostboxApp\\Profiles\\*", lpFindFileData=0x19f4e4 | out: lpFindFileData=0x19f4e4*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0122.422] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f780) returned 1 [0122.585] GetCurrentProcess () returned 0xffffffff [0122.586] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x19f384 | out: TokenHandle=0x19f384*=0x5e4) returned 1 [0122.591] GetCurrentProcess () returned 0xffffffff [0122.591] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x19f398 | out: TokenHandle=0x19f398*=0x5fc) returned 1 [0122.641] GetUserNameW (in: lpBuffer=0x19f534, pcbBuffer=0x19f7ac | out: lpBuffer="RDhJ0CNFevzX", pcbBuffer=0x19f7ac) returned 1 [0122.646] GetUserNameW (in: lpBuffer=0x19f534, pcbBuffer=0x19f7ac | out: lpBuffer="RDhJ0CNFevzX", pcbBuffer=0x19f7ac) returned 1 [0122.654] GetUserNameW (in: lpBuffer=0x19f504, pcbBuffer=0x19f77c | out: lpBuffer="RDhJ0CNFevzX", pcbBuffer=0x19f77c) returned 1 [0122.661] GetUserNameW (in: lpBuffer=0x19f504, pcbBuffer=0x19f77c | out: lpBuffer="RDhJ0CNFevzX", pcbBuffer=0x19f77c) returned 1 [0122.695] IdnToAscii (in: dwFlags=0x0, lpUnicodeCharStr="xc64ZB", cchUnicodeChar=6, lpASCIICharStr=0x0, cchASCIIChar=0 | out: lpASCIICharStr=0x0) returned 6 [0122.695] IdnToAscii (in: dwFlags=0x0, lpUnicodeCharStr="xc64ZB", cchUnicodeChar=6, lpASCIICharStr=0x22ca910, cchASCIIChar=6 | out: lpASCIICharStr="xc64ZB") returned 6 [0122.794] SysStringLen (param_1="?_bEpvL{rN$%") returned 0x10 [0122.794] SystemFunction040 (in: Memory=0x6190f4, MemorySize=0x20, OptionFlags=0x0 | out: Memory=0x6190f4) returned 0x0 [0122.797] QueryUnbiasedInterruptTime (in: UnbiasedTime=0x19f698 | out: UnbiasedTime=0x19f698) returned 1 [0122.813] QueryUnbiasedInterruptTime (in: UnbiasedTime=0x19f688 | out: UnbiasedTime=0x19f688) returned 1 [0122.825] CreateSemaphoreA (lpSemaphoreAttributes=0x0, lInitialCount=0, lMaximumCount=1048576, lpName=0x0) returned 0x610 [0122.825] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x62c [0122.827] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=0, lpName=0x0) returned 0x630 [0122.828] SetEvent (hEvent=0x3d8) returned 1 [0122.831] ReleaseMutex (hMutex=0x630) returned 1 [0122.831] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x634 [0122.832] WSASocketW (af=23, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x638 [0122.832] GetAddrInfoW (in: pNodeName="mail.24310.gr", pServiceName=0x0, pHints=0x19f4e4*(ai_flags=2, ai_family=0, ai_socktype=0, ai_protocol=0, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f48c | out: ppResult=0x19f48c*=0x615670*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname="24310.gr", ai_addr=0x60a860*(sa_family=2, sin_port=0x0, sin_addr="178.63.69.174"), ai_next=0x0)) returned 0 [0122.848] FreeAddrInfoW (pAddrInfo=0x615670*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname="24310.gr", ai_addr=0x60a860*(sa_family=2, sin_port=0x0, sin_addr="178.63.69.174"), ai_next=0x0)) [0122.849] GetAddrInfoW (in: pNodeName="mail.24310.gr", pServiceName=0x0, pHints=0x19f4e4*(ai_flags=131072, ai_family=0, ai_socktype=0, ai_protocol=0, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f48c | out: ppResult=0x19f48c*=0x6155a8*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname="mail.24310.gr", ai_addr=0x602490*(sa_family=2, sin_port=0x0, sin_addr="178.63.69.174"), ai_next=0x0)) returned 0 [0122.851] FreeAddrInfoW (pAddrInfo=0x6155a8*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname="mail.24310.gr", ai_addr=0x602490*(sa_family=2, sin_port=0x0, sin_addr="178.63.69.174"), ai_next=0x0)) [0122.852] WSAConnect (in: s=0x634, name=0x22cc6cc*(sa_family=2, sin_port=0x24b, sin_addr="178.63.69.174"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0 | out: lpCalleeData=0x0) returned 0 [0122.881] closesocket (s=0x638) returned 0 [0122.881] setsockopt (s=0x634, level=6, optname=1, optval="\x01", optlen=4) returned 0 [0122.882] recv (in: s=0x634, buf=0x22cc744, len=256, flags=0 | out: buf=0x22cc744*) returned 179 [0122.959] send (s=0x634, buf=0x22caf34*, len=13, flags=0) returned 13 [0122.960] recv (in: s=0x634, buf=0x22cc744, len=256, flags=0 | out: buf=0x22cc744*) returned 205 [0122.991] send (s=0x634, buf=0x22caf34*, len=33, flags=0) returned 33 [0122.991] recv (in: s=0x634, buf=0x22cc744, len=256, flags=0 | out: buf=0x22cc744*) returned 18 [0123.054] SysStringLen (param_1="ⴆ蘵쑓ࣆઽៅ怈൸쨒镾틊邈毕즜ᨚ") returned 0x10 [0123.054] SystemFunction041 (in: Memory=0x6190f4, MemorySize=0x20, OptionFlags=0x0 | out: Memory=0x6190f4) returned 0x0 [0123.054] SysStringLen (param_1="?_bEpvL{rN$%") returned 0x10 [0123.054] SystemFunction040 (in: Memory=0x6190f4, MemorySize=0x20, OptionFlags=0x0 | out: Memory=0x6190f4) returned 0x0 [0123.054] SysStringLen (param_1="?_bEpvL{rN$%") returned 0xc [0123.054] SysStringLen (param_1="?_bEpvL{rN$%") returned 0xc [0123.055] send (s=0x634, buf=0x22caf34*, len=18, flags=0) returned 18 [0123.055] recv (in: s=0x634, buf=0x22cc744, len=256, flags=0 | out: buf=0x22cc744*) returned 30 [0123.088] send (s=0x634, buf=0x22caf34*, len=28, flags=0) returned 28 [0123.088] recv (in: s=0x634, buf=0x22cc744, len=256, flags=0 | out: buf=0x22cc744*) returned 8 [0123.137] send (s=0x634, buf=0x22caf34*, len=33, flags=0) returned 33 [0123.137] recv (in: s=0x634, buf=0x22cc744, len=256, flags=0 | out: buf=0x22cc744*) returned 14 [0123.174] send (s=0x634, buf=0x22caf34*, len=6, flags=0) returned 6 [0123.174] recv (in: s=0x634, buf=0x22cc744, len=256, flags=0 | out: buf=0x22cc744*) returned 56 [0123.223] CoCreateGuid (in: pguid=0x19f644 | out: pguid=0x19f644*(Data1=0xed415e02, Data2=0x336c, Data3=0x4b3c, Data4=([0]=0x9a, [1]=0x2f, [2]=0xdd, [3]=0x31, [4]=0xb6, [5]=0xc7, [6]=0x5d, [7]=0xd8))) returned 0x0 [0123.241] send (s=0x634, buf=0x22ce588*, len=248, flags=0) returned 248 [0123.244] send (s=0x634, buf=0x22d4b8c*, len=146, flags=0) returned 146 [0123.246] send (s=0x634, buf=0x22d4b8c*, len=43, flags=0) returned 43 [0123.248] send (s=0x634, buf=0x22d4b8c*, len=171, flags=0) returned 171 [0123.250] send (s=0x634, buf=0x22d4b8c*, len=996, flags=0) returned 996 [0123.251] send (s=0x634, buf=0x22d4b8c*, len=166, flags=0) returned 166 [0123.252] send (s=0x634, buf=0x22d4b8c*, len=498, flags=0) returned 498 [0123.252] send (s=0x634, buf=0x22d4b8c*, len=57, flags=0) returned 57 [0123.252] send (s=0x634, buf=0x22ce588*, len=2, flags=0) returned 2 [0123.253] send (s=0x634, buf=0x22caf34*, len=5, flags=0) returned 5 [0123.253] recv (in: s=0x634, buf=0x22cc744, len=256, flags=0 | out: buf=0x22cc744*) returned 28 [0123.365] ReleaseSemaphore (in: hSemaphore=0x610, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0123.400] GetModuleHandleW (lpModuleName="user32.dll") returned 0x76300000 [0123.402] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="DefWindowProcW", cchWideChar=14, lpMultiByteStr=0x19f748, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DefWindowProcW6iu{/Ò «´kTü\x19", lpUsedDefaultChar=0x0) returned 14 [0123.402] GetProcAddress (hModule=0x76300000, lpProcName="DefWindowProcW") returned 0x772eaee0 [0123.405] GetStockObject (i=5) returned 0x1900015 [0123.409] GetModuleHandleW (lpModuleName=0x0) returned 0x4650000 [0123.418] CoTaskMemAlloc (cb=0x5c) returned 0x5e8f10 [0123.418] RegisterClassW (lpWndClass=0x19f738) returned 0xc1da [0123.420] CoTaskMemFree (pv=0x5e8f10) [0123.420] GetModuleHandleW (lpModuleName=0x0) returned 0x4650000 [0123.421] CreateWindowExW (dwExStyle=0x0, lpClassName="WindowsForms10.Window.0.app.0.19fd5c7_r32_ad1", lpWindowName="TimerNativeWindow", dwStyle=0x0, X=0, Y=0, nWidth=0, nHeight=0, hWndParent=0xfffffffd, hMenu=0x0, hInstance=0x4650000, lpParam=0x0) returned 0x701e2 [0123.444] SetWindowLongW (hWnd=0x701e2, nIndex=-4, dwNewLong=1999548128) returned 75055550 [0123.447] GetWindowLongW (hWnd=0x701e2, nIndex=-4) returned 1999548128 [0123.449] GetCurrentProcess () returned 0xffffffff [0123.449] GetCurrentThread () returned 0xfffffffe [0123.449] GetCurrentProcess () returned 0xffffffff [0123.449] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0xfffffffe, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x19f010, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x19f010*=0x640) returned 1 [0123.456] GetCurrentThreadId () returned 0x60 [0123.457] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\.NETFramework", ulOptions=0x0, samDesired=0x20019, phkResult=0x19ef94 | out: phkResult=0x19ef94*=0x644) returned 0x0 [0123.458] RegQueryValueExW (in: hKey=0x644, lpValueName="DbgJITDebugLaunchSetting", lpReserved=0x0, lpType=0x19efb4, lpData=0x0, lpcbData=0x19efb0*=0x0 | out: lpType=0x19efb4*=0x0, lpData=0x0, lpcbData=0x19efb0*=0x0) returned 0x2 [0123.458] RegQueryValueExW (in: hKey=0x644, lpValueName="DbgManagedDebugger", lpReserved=0x0, lpType=0x19efb4, lpData=0x0, lpcbData=0x19efb0*=0x0 | out: lpType=0x19efb4*=0x0, lpData=0x0, lpcbData=0x19efb0*=0x0) returned 0x2 [0123.458] RegCloseKey (hKey=0x644) returned 0x0 [0123.486] SetWindowLongW (hWnd=0x701e2, nIndex=-4, dwNewLong=75055590) returned 1999548128 [0123.486] GetWindowLongW (hWnd=0x701e2, nIndex=-4) returned 75055590 [0123.486] GetWindowLongW (hWnd=0x701e2, nIndex=-16) returned 79691776 [0123.488] CallWindowProcW (lpPrevWndFunc=0x772eaee0, hWnd=0x701e2, Msg=0x24, wParam=0x0, lParam=0x19f2ac) returned 0x0 [0123.488] RegisterClipboardFormatW (lpszFormat="WinFormsUnSubclass") returned 0xc1d5 [0123.489] CallWindowProcW (lpPrevWndFunc=0x772eaee0, hWnd=0x701e2, Msg=0x81, wParam=0x0, lParam=0x19f2a0) returned 0x1 [0123.490] CallWindowProcW (lpPrevWndFunc=0x772eaee0, hWnd=0x701e2, Msg=0x83, wParam=0x0, lParam=0x19f28c) returned 0x0 [0123.497] CallWindowProcW (lpPrevWndFunc=0x772eaee0, hWnd=0x701e2, Msg=0x1, wParam=0x0, lParam=0x19f2a0) returned 0x0 [0123.498] SetTimer (hWnd=0x701e2, nIDEvent=0x1, uElapse=0x64, lpTimerFunc=0x0) returned 0x1 [0123.509] GetWindowThreadProcessId (in: hWnd=0x701e2, lpdwProcessId=0x19f878 | out: lpdwProcessId=0x19f878) returned 0x60 [0123.509] GetCurrentThreadId () returned 0x60 [0123.509] IsWindow (hWnd=0x701e2) returned 1 [0123.509] KillTimer (hWnd=0x701e2, uIDEvent=0x1) returned 1 [0123.509] SetTimer (hWnd=0x701e2, nIDEvent=0x2, uElapse=0x4992636, lpTimerFunc=0x0) returned 0x2 [0123.519] RegisterClipboardFormatW (lpszFormat="WM_GETCONTROLNAME") returned 0xc1b6 [0123.519] RegisterClipboardFormatW (lpszFormat="WM_GETCONTROLTYPE") returned 0xc181 [0123.521] GetSystemMetrics (nIndex=75) returned 1 [0123.534] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x0 [0123.541] LoadLibraryW (lpLibFileName="comctl32.dll") returned 0x680e0000 [0123.568] GetStockObject (i=5) returned 0x1900015 [0123.568] GetModuleHandleW (lpModuleName=0x0) returned 0x4650000 [0123.569] CoTaskMemAlloc (cb=0x5c) returned 0x5e8f78 [0123.569] RegisterClassW (lpWndClass=0x19f668) returned 0xc150 [0123.569] CoTaskMemFree (pv=0x5e8f78) [0123.570] GetModuleHandleW (lpModuleName=0x0) returned 0x4650000 [0123.570] CreateWindowExW (dwExStyle=0x0, lpClassName="WindowsForms10.Window.8.app.0.19fd5c7_r32_ad1", lpWindowName=0x0, dwStyle=0x2010000, X=0, Y=0, nWidth=0, nHeight=0, hWndParent=0xfffffffd, hMenu=0x0, hInstance=0x4650000, lpParam=0x0) returned 0x1c02b4 [0123.570] SetWindowLongW (hWnd=0x1c02b4, nIndex=-4, dwNewLong=1999548128) returned 75055630 [0123.570] GetWindowLongW (hWnd=0x1c02b4, nIndex=-4) returned 1999548128 [0123.571] SetWindowLongW (hWnd=0x1c02b4, nIndex=-4, dwNewLong=75055670) returned 1999548128 [0123.571] GetWindowLongW (hWnd=0x1c02b4, nIndex=-4) returned 75055670 [0123.571] GetWindowLongW (hWnd=0x1c02b4, nIndex=-16) returned 113311744 [0123.572] RegisterClipboardFormatW (lpszFormat="WinFormsMouseEnter") returned 0xc180 [0123.572] CallWindowProcW (lpPrevWndFunc=0x772eaee0, hWnd=0x1c02b4, Msg=0x24, wParam=0x0, lParam=0x19f1dc) returned 0x0 [0123.572] CallWindowProcW (lpPrevWndFunc=0x772eaee0, hWnd=0x1c02b4, Msg=0x81, wParam=0x0, lParam=0x19f1d0) returned 0x1 [0123.572] CallWindowProcW (lpPrevWndFunc=0x772eaee0, hWnd=0x1c02b4, Msg=0x83, wParam=0x0, lParam=0x19f1bc) returned 0x0 [0123.573] CallWindowProcW (lpPrevWndFunc=0x772eaee0, hWnd=0x1c02b4, Msg=0x1, wParam=0x0, lParam=0x19f1d0) returned 0x0 [0123.573] GetClientRect (in: hWnd=0x1c02b4, lpRect=0x19eefc | out: lpRect=0x19eefc) returned 1 [0123.573] GetWindowRect (in: hWnd=0x1c02b4, lpRect=0x19eefc | out: lpRect=0x19eefc) returned 1 [0123.575] GetParent (hWnd=0x1c02b4) returned 0x0 [0123.577] OleInitialize (pvReserved=0x0) returned 0x80010106 [0123.578] CoRegisterMessageFilter (in: lpMessageFilter=0x0, lplpMessageFilter=0x19f888 | out: lplpMessageFilter=0x19f888*=0x0) returned 0x80004021 [0123.579] PeekMessageW (in: lpMsg=0x19f85c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x19f85c) returned 0 [0123.580] PeekMessageW (in: lpMsg=0x19f85c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x19f85c) returned 0 [0123.580] WaitMessage () returned 1 [0133.593] PeekMessageW (in: lpMsg=0x19f85c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x19f85c) returned 1 [0133.595] IsWindowUnicode (hWnd=0x701e2) returned 1 [0133.596] GetMessageW (in: lpMsg=0x19f85c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x19f85c) returned 1 [0133.602] TranslateMessage (lpMsg=0x19f85c) returned 0 [0133.602] DispatchMessageW (lpMsg=0x19f85c) returned 0x0 [0133.701] GetUserNameW (in: lpBuffer=0x19f1f0, pcbBuffer=0x19f468 | out: lpBuffer="RDhJ0CNFevzX", pcbBuffer=0x19f468) returned 1 [0133.703] GetUserNameW (in: lpBuffer=0x19f1f0, pcbBuffer=0x19f468 | out: lpBuffer="RDhJ0CNFevzX", pcbBuffer=0x19f468) returned 1 [0133.703] GetUserNameW (in: lpBuffer=0x19f1c0, pcbBuffer=0x19f438 | out: lpBuffer="RDhJ0CNFevzX", pcbBuffer=0x19f438) returned 1 [0133.704] GetUserNameW (in: lpBuffer=0x19f1c0, pcbBuffer=0x19f438 | out: lpBuffer="RDhJ0CNFevzX", pcbBuffer=0x19f438) returned 1 [0133.706] IdnToAscii (in: dwFlags=0x0, lpUnicodeCharStr="xc64ZB", cchUnicodeChar=6, lpASCIICharStr=0x0, cchASCIIChar=0 | out: lpASCIICharStr=0x0) returned 6 [0133.706] IdnToAscii (in: dwFlags=0x0, lpUnicodeCharStr="xc64ZB", cchUnicodeChar=6, lpASCIICharStr=0x22e5c34, cchASCIIChar=6 | out: lpASCIICharStr="xc64ZB") returned 6 [0133.707] SysStringLen (param_1="?_bEpvL{rN$%誁母、5") returned 0x10 [0133.707] SystemFunction040 (in: Memory=0x6366ec, MemorySize=0x20, OptionFlags=0x0 | out: Memory=0x6366ec) returned 0x0 [0133.707] QueryUnbiasedInterruptTime (in: UnbiasedTime=0x19f354 | out: UnbiasedTime=0x19f354) returned 1 [0133.707] QueryUnbiasedInterruptTime (in: UnbiasedTime=0x19f344 | out: UnbiasedTime=0x19f344) returned 1 [0133.710] send (s=0x634, buf=0x22cce28*, len=6, flags=0) returned 6 [0133.715] recv (in: s=0x634, buf=0x22e6124, len=80, flags=0 | out: buf=0x22e6124*) returned 44 [0133.738] shutdown (s=0x634, how=2) returned 0 [0133.738] closesocket (s=0x634) returned 0 [0133.739] ReleaseMutex (hMutex=0x630) returned 1 [0133.739] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x634 [0133.740] WSASocketW (af=23, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x650 [0133.741] WSAConnect (in: s=0x634, name=0x22e63a4*(sa_family=2, sin_port=0x24b, sin_addr="178.63.69.174"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0 | out: lpCalleeData=0x0) returned 0 [0133.800] closesocket (s=0x650) returned 0 [0133.800] setsockopt (s=0x634, level=6, optname=1, optval="\x01", optlen=4) returned 0 [0133.801] recv (in: s=0x634, buf=0x22e641c, len=256, flags=0 | out: buf=0x22e641c*) returned 179 [0133.801] send (s=0x634, buf=0x22e5f14*, len=13, flags=0) returned 13 [0133.802] recv (in: s=0x634, buf=0x22e641c, len=256, flags=0 | out: buf=0x22e641c*) returned 205 [0133.830] send (s=0x634, buf=0x22e5f14*, len=33, flags=0) returned 33 [0133.830] recv (in: s=0x634, buf=0x22e641c, len=256, flags=0 | out: buf=0x22e641c*) returned 18 [0133.906] SysStringLen (param_1="ⴆ蘵쑓ࣆઽៅ怈൸蒍裟쉏ⷁ㭳䢣➞") returned 0x10 [0133.907] SystemFunction041 (in: Memory=0x6366ec, MemorySize=0x20, OptionFlags=0x0 | out: Memory=0x6366ec) returned 0x0 [0133.907] SysStringLen (param_1="?_bEpvL{rN$%誁母、5") returned 0x10 [0133.907] SystemFunction040 (in: Memory=0x6366ec, MemorySize=0x20, OptionFlags=0x0 | out: Memory=0x6366ec) returned 0x0 [0133.907] SysStringLen (param_1="?_bEpvL{rN$%") returned 0xc [0133.907] SysStringLen (param_1="?_bEpvL{rN$%") returned 0xc [0133.907] send (s=0x634, buf=0x22e5f14*, len=18, flags=0) returned 18 [0133.908] recv (in: s=0x634, buf=0x22e641c, len=256, flags=0 | out: buf=0x22e641c*) returned 30 [0133.937] send (s=0x634, buf=0x22e5f14*, len=28, flags=0) returned 28 [0133.938] recv (in: s=0x634, buf=0x22e641c, len=256, flags=0 | out: buf=0x22e641c*) returned 8 [0134.007] send (s=0x634, buf=0x22e5f14*, len=33, flags=0) returned 33 [0134.008] recv (in: s=0x634, buf=0x22e641c, len=256, flags=0 | out: buf=0x22e641c*) returned 14 [0134.073] send (s=0x634, buf=0x22e5f14*, len=6, flags=0) returned 6 [0134.074] recv (in: s=0x634, buf=0x22e641c, len=256, flags=0 | out: buf=0x22e641c*) returned 56 [0134.095] CoCreateGuid (in: pguid=0x19f300 | out: pguid=0x19f300*(Data1=0x774a4c57, Data2=0x9f18, Data3=0x4d6c, Data4=([0]=0xa0, [1]=0xf8, [2]=0xab, [3]=0xe1, [4]=0xa, [5]=0xa, [6]=0x14, [7]=0x49))) returned 0x0 [0134.097] send (s=0x634, buf=0x22e7b8c*, len=248, flags=0) returned 248 [0134.098] send (s=0x634, buf=0x22edb08*, len=146, flags=0) returned 146 [0134.098] send (s=0x634, buf=0x22edb08*, len=43, flags=0) returned 43 [0134.100] send (s=0x634, buf=0x22edb08*, len=171, flags=0) returned 171 [0134.101] send (s=0x634, buf=0x22edb08*, len=996, flags=0) returned 996 [0134.101] send (s=0x634, buf=0x22edb08*, len=166, flags=0) returned 166 [0134.102] send (s=0x634, buf=0x22edb08*, len=498, flags=0) returned 498 [0134.103] send (s=0x634, buf=0x22edb08*, len=57, flags=0) returned 57 [0134.103] send (s=0x634, buf=0x22e7b8c*, len=2, flags=0) returned 2 [0134.103] send (s=0x634, buf=0x22e5f14*, len=5, flags=0) returned 5 [0134.104] recv (in: s=0x634, buf=0x22e641c, len=256, flags=0 | out: buf=0x22e641c*) returned 28 [0134.309] ReleaseSemaphore (in: hSemaphore=0x610, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0134.310] PeekMessageW (in: lpMsg=0x19f85c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x19f85c) returned 0 [0134.310] PeekMessageW (in: lpMsg=0x19f85c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x19f85c) returned 0 [0134.310] WaitMessage () returned 1 [0143.516] PeekMessageW (in: lpMsg=0x19f85c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x19f85c) returned 1 [0143.516] IsWindowUnicode (hWnd=0x701e2) returned 1 [0143.517] GetMessageW (in: lpMsg=0x19f85c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x19f85c) returned 1 [0143.518] TranslateMessage (lpMsg=0x19f85c) returned 0 [0143.518] DispatchMessageW (lpMsg=0x19f85c) returned 0x0 [0143.521] GetUserNameW (in: lpBuffer=0x19f1f0, pcbBuffer=0x19f468 | out: lpBuffer="RDhJ0CNFevzX", pcbBuffer=0x19f468) returned 1 [0143.523] GetUserNameW (in: lpBuffer=0x19f1f0, pcbBuffer=0x19f468 | out: lpBuffer="RDhJ0CNFevzX", pcbBuffer=0x19f468) returned 1 [0143.524] GetUserNameW (in: lpBuffer=0x19f1c0, pcbBuffer=0x19f438 | out: lpBuffer="RDhJ0CNFevzX", pcbBuffer=0x19f438) returned 1 [0143.524] GetUserNameW (in: lpBuffer=0x19f1c0, pcbBuffer=0x19f438 | out: lpBuffer="RDhJ0CNFevzX", pcbBuffer=0x19f438) returned 1 [0143.528] IdnToAscii (in: dwFlags=0x0, lpUnicodeCharStr="xc64ZB", cchUnicodeChar=6, lpASCIICharStr=0x0, cchASCIIChar=0 | out: lpASCIICharStr=0x0) returned 6 [0143.528] IdnToAscii (in: dwFlags=0x0, lpUnicodeCharStr="xc64ZB", cchUnicodeChar=6, lpASCIICharStr=0x22fbf5c, cchASCIIChar=6 | out: lpASCIICharStr="xc64ZB") returned 6 [0143.529] SysStringLen (param_1="?_bEpvL{rN$%") returned 0x10 [0143.529] SystemFunction040 (in: Memory=0x636b84, MemorySize=0x20, OptionFlags=0x0 | out: Memory=0x636b84) returned 0x0 [0143.529] QueryUnbiasedInterruptTime (in: UnbiasedTime=0x19f354 | out: UnbiasedTime=0x19f354) returned 1 [0143.529] QueryUnbiasedInterruptTime (in: UnbiasedTime=0x19f344 | out: UnbiasedTime=0x19f344) returned 1 [0143.531] send (s=0x634, buf=0x22cce28*, len=6, flags=0) returned 6 [0143.532] recv (in: s=0x634, buf=0x22fc408, len=80, flags=0 | out: buf=0x22fc408*) returned 44 [0143.559] shutdown (s=0x634, how=2) returned 0 [0143.559] closesocket (s=0x634) returned 0 [0143.560] ReleaseMutex (hMutex=0x630) returned 1 [0143.560] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x634 [0143.562] WSASocketW (af=23, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x650 [0143.563] WSAConnect (in: s=0x634, name=0x22fc688*(sa_family=2, sin_port=0x24b, sin_addr="178.63.69.174"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0 | out: lpCalleeData=0x0) returned 0 [0143.597] closesocket (s=0x650) returned 0 [0143.597] setsockopt (s=0x634, level=6, optname=1, optval="\x01", optlen=4) returned 0 [0143.598] recv (in: s=0x634, buf=0x22fc700, len=256, flags=0 | out: buf=0x22fc700*) returned 179 [0143.617] send (s=0x634, buf=0x22fc23c*, len=13, flags=0) returned 13 [0143.617] recv (in: s=0x634, buf=0x22fc700, len=256, flags=0 | out: buf=0x22fc700*) returned 205 [0143.637] send (s=0x634, buf=0x22fc23c*, len=33, flags=0) returned 33 [0143.638] recv (in: s=0x634, buf=0x22fc700, len=256, flags=0 | out: buf=0x22fc700*) returned 18 [0143.662] SysStringLen (param_1="ⴆ蘵쑓ࣆઽៅ怈൸サ旙ݭЪᱦዃ䃹") returned 0x10 [0143.662] SystemFunction041 (in: Memory=0x636b84, MemorySize=0x20, OptionFlags=0x0 | out: Memory=0x636b84) returned 0x0 [0143.662] SysStringLen (param_1="?_bEpvL{rN$%") returned 0x10 [0143.662] SystemFunction040 (in: Memory=0x636b84, MemorySize=0x20, OptionFlags=0x0 | out: Memory=0x636b84) returned 0x0 [0143.662] SysStringLen (param_1="?_bEpvL{rN$%") returned 0xc [0143.662] SysStringLen (param_1="?_bEpvL{rN$%") returned 0xc [0143.663] send (s=0x634, buf=0x22fc23c*, len=18, flags=0) returned 18 [0143.663] recv (in: s=0x634, buf=0x22fc700, len=256, flags=0 | out: buf=0x22fc700*) returned 30 [0143.689] send (s=0x634, buf=0x22fc23c*, len=28, flags=0) returned 28 [0143.689] recv (in: s=0x634, buf=0x22fc700, len=256, flags=0 | out: buf=0x22fc700*) returned 8 [0143.710] send (s=0x634, buf=0x22fc23c*, len=33, flags=0) returned 33 [0143.710] recv (in: s=0x634, buf=0x22fc700, len=256, flags=0 | out: buf=0x22fc700*) returned 14 [0143.731] send (s=0x634, buf=0x22fc23c*, len=6, flags=0) returned 6 [0143.732] recv (in: s=0x634, buf=0x22fc700, len=256, flags=0 | out: buf=0x22fc700*) returned 56 [0143.747] CoCreateGuid (in: pguid=0x19f300 | out: pguid=0x19f300*(Data1=0x6cd93f0c, Data2=0x2fae, Data3=0x4a55, Data4=([0]=0x95, [1]=0x88, [2]=0xf6, [3]=0x75, [4]=0xd0, [5]=0x42, [6]=0xa8, [7]=0xea))) returned 0x0 [0143.748] send (s=0x634, buf=0x22fde70*, len=248, flags=0) returned 248 [0143.750] send (s=0x634, buf=0x2303de8*, len=146, flags=0) returned 146 [0143.750] send (s=0x634, buf=0x2303de8*, len=43, flags=0) returned 43 [0143.751] send (s=0x634, buf=0x2303de8*, len=171, flags=0) returned 171 [0143.753] send (s=0x634, buf=0x2303de8*, len=996, flags=0) returned 996 [0143.753] send (s=0x634, buf=0x2303de8*, len=166, flags=0) returned 166 [0143.755] send (s=0x634, buf=0x2303de8*, len=498, flags=0) returned 498 [0143.755] send (s=0x634, buf=0x2303de8*, len=57, flags=0) returned 57 [0143.755] send (s=0x634, buf=0x22fde70*, len=2, flags=0) returned 2 [0143.756] send (s=0x634, buf=0x22fc23c*, len=5, flags=0) returned 5 [0143.756] recv (in: s=0x634, buf=0x22fc700, len=256, flags=0 | out: buf=0x22fc700*) returned 28 [0143.967] ReleaseSemaphore (in: hSemaphore=0x610, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0143.967] PeekMessageW (in: lpMsg=0x19f85c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x19f85c) returned 0 [0143.967] PeekMessageW (in: lpMsg=0x19f85c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x19f85c) returned 0 [0143.967] WaitMessage () returned 1 [0153.512] PeekMessageW (in: lpMsg=0x19f85c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x19f85c) returned 1 [0153.512] IsWindowUnicode (hWnd=0x701e2) returned 1 [0153.512] GetMessageW (in: lpMsg=0x19f85c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x19f85c) returned 1 [0153.513] TranslateMessage (lpMsg=0x19f85c) returned 0 [0153.513] DispatchMessageW (lpMsg=0x19f85c) returned 0x0 [0153.514] GetUserNameW (in: lpBuffer=0x19f1f0, pcbBuffer=0x19f468 | out: lpBuffer="RDhJ0CNFevzX", pcbBuffer=0x19f468) returned 1 [0153.518] GetUserNameW (in: lpBuffer=0x19f1f0, pcbBuffer=0x19f468 | out: lpBuffer="RDhJ0CNFevzX", pcbBuffer=0x19f468) returned 1 [0153.518] GetUserNameW (in: lpBuffer=0x19f1c0, pcbBuffer=0x19f438 | out: lpBuffer="RDhJ0CNFevzX", pcbBuffer=0x19f438) returned 1 [0153.518] GetUserNameW (in: lpBuffer=0x19f1c0, pcbBuffer=0x19f438 | out: lpBuffer="RDhJ0CNFevzX", pcbBuffer=0x19f438) returned 1 [0153.521] IdnToAscii (in: dwFlags=0x0, lpUnicodeCharStr="xc64ZB", cchUnicodeChar=6, lpASCIICharStr=0x0, cchASCIIChar=0 | out: lpASCIICharStr=0x0) returned 6 [0153.522] IdnToAscii (in: dwFlags=0x0, lpUnicodeCharStr="xc64ZB", cchUnicodeChar=6, lpASCIICharStr=0x231223c, cchASCIIChar=6 | out: lpASCIICharStr="xc64ZB") returned 6 [0153.522] SysStringLen (param_1="?_bEpvL{rN$%") returned 0x10 [0153.522] SystemFunction040 (in: Memory=0x636c64, MemorySize=0x20, OptionFlags=0x0 | out: Memory=0x636c64) returned 0x0 [0153.523] QueryUnbiasedInterruptTime (in: UnbiasedTime=0x19f354 | out: UnbiasedTime=0x19f354) returned 1 [0153.523] QueryUnbiasedInterruptTime (in: UnbiasedTime=0x19f344 | out: UnbiasedTime=0x19f344) returned 1 [0153.524] send (s=0x634, buf=0x22cce28*, len=6, flags=0) returned 6 [0153.527] recv (in: s=0x634, buf=0x23126e8, len=80, flags=0 | out: buf=0x23126e8*) returned 44 [0153.551] shutdown (s=0x634, how=2) returned 0 [0153.551] closesocket (s=0x634) returned 0 [0153.552] ReleaseMutex (hMutex=0x630) returned 1 [0153.552] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x634 [0153.553] WSASocketW (af=23, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x650 [0153.554] WSAConnect (in: s=0x634, name=0x2312968*(sa_family=2, sin_port=0x24b, sin_addr="178.63.69.174"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0 | out: lpCalleeData=0x0) returned 0 [0153.596] closesocket (s=0x650) returned 0 [0153.596] setsockopt (s=0x634, level=6, optname=1, optval="\x01", optlen=4) returned 0 [0153.597] recv (in: s=0x634, buf=0x23129e0, len=256, flags=0 | out: buf=0x23129e0*) returned 179 [0153.624] send (s=0x634, buf=0x231251c*, len=13, flags=0) returned 13 [0153.624] recv (in: s=0x634, buf=0x23129e0, len=256, flags=0 | out: buf=0x23129e0*) returned 205 [0153.650] send (s=0x634, buf=0x231251c*, len=33, flags=0) returned 33 [0153.650] recv (in: s=0x634, buf=0x23129e0, len=256, flags=0 | out: buf=0x23129e0*) returned 18 [0153.675] SysStringLen (param_1="ⴆ蘵쑓ࣆઽៅ怈൸サ旙ݭЪᱦዃ䃹") returned 0x10 [0153.676] SystemFunction041 (in: Memory=0x636c64, MemorySize=0x20, OptionFlags=0x0 | out: Memory=0x636c64) returned 0x0 [0153.676] SysStringLen (param_1="?_bEpvL{rN$%") returned 0x10 [0153.676] SystemFunction040 (in: Memory=0x636c64, MemorySize=0x20, OptionFlags=0x0 | out: Memory=0x636c64) returned 0x0 [0153.676] SysStringLen (param_1="?_bEpvL{rN$%") returned 0xc [0153.676] SysStringLen (param_1="?_bEpvL{rN$%") returned 0xc [0153.676] send (s=0x634, buf=0x231251c*, len=18, flags=0) returned 18 [0153.677] recv (in: s=0x634, buf=0x23129e0, len=256, flags=0 | out: buf=0x23129e0*) returned 30 [0153.702] send (s=0x634, buf=0x231251c*, len=28, flags=0) returned 28 [0153.703] recv (in: s=0x634, buf=0x23129e0, len=256, flags=0 | out: buf=0x23129e0*) returned 8 [0153.723] send (s=0x634, buf=0x231251c*, len=33, flags=0) returned 33 [0153.723] recv (in: s=0x634, buf=0x23129e0, len=256, flags=0 | out: buf=0x23129e0*) returned 14 [0153.759] send (s=0x634, buf=0x231251c*, len=6, flags=0) returned 6 [0153.760] recv (in: s=0x634, buf=0x23129e0, len=256, flags=0 | out: buf=0x23129e0*) returned 56 [0153.785] CoCreateGuid (in: pguid=0x19f300 | out: pguid=0x19f300*(Data1=0xffa5a6e7, Data2=0xa537, Data3=0x4d07, Data4=([0]=0x87, [1]=0xbe, [2]=0xe0, [3]=0xba, [4]=0xa4, [5]=0xce, [6]=0x11, [7]=0xc6))) returned 0x0 [0153.786] send (s=0x634, buf=0x2314150*, len=248, flags=0) returned 248 [0153.788] send (s=0x634, buf=0x231a0cc*, len=146, flags=0) returned 146 [0153.788] send (s=0x634, buf=0x231a0cc*, len=43, flags=0) returned 43 [0153.790] send (s=0x634, buf=0x231a0cc*, len=171, flags=0) returned 171 [0153.791] send (s=0x634, buf=0x231a0cc*, len=996, flags=0) returned 996 [0153.794] send (s=0x634, buf=0x231a0cc*, len=166, flags=0) returned 166 [0153.795] send (s=0x634, buf=0x231a0cc*, len=498, flags=0) returned 498 [0153.796] send (s=0x634, buf=0x231a0cc*, len=57, flags=0) returned 57 [0153.796] send (s=0x634, buf=0x2314150*, len=2, flags=0) returned 2 [0153.797] send (s=0x634, buf=0x231251c*, len=5, flags=0) returned 5 [0153.798] recv (in: s=0x634, buf=0x23129e0, len=256, flags=0 | out: buf=0x23129e0*) returned 28 [0153.905] ReleaseSemaphore (in: hSemaphore=0x610, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0153.905] PeekMessageW (in: lpMsg=0x19f85c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x19f85c) returned 0 [0153.905] PeekMessageW (in: lpMsg=0x19f85c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x19f85c) returned 0 [0153.905] WaitMessage () returned 1 [0163.520] PeekMessageW (in: lpMsg=0x19f85c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x19f85c) returned 1 [0163.521] IsWindowUnicode (hWnd=0x701e2) returned 1 [0163.521] GetMessageW (in: lpMsg=0x19f85c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x19f85c) returned 1 [0163.521] TranslateMessage (lpMsg=0x19f85c) returned 0 [0163.521] DispatchMessageW (lpMsg=0x19f85c) returned 0x0 [0163.523] GetUserNameW (in: lpBuffer=0x19f1f0, pcbBuffer=0x19f468 | out: lpBuffer="RDhJ0CNFevzX", pcbBuffer=0x19f468) returned 1 [0163.524] GetUserNameW (in: lpBuffer=0x19f1f0, pcbBuffer=0x19f468 | out: lpBuffer="RDhJ0CNFevzX", pcbBuffer=0x19f468) returned 1 [0163.524] GetUserNameW (in: lpBuffer=0x19f1c0, pcbBuffer=0x19f438 | out: lpBuffer="RDhJ0CNFevzX", pcbBuffer=0x19f438) returned 1 [0163.525] GetUserNameW (in: lpBuffer=0x19f1c0, pcbBuffer=0x19f438 | out: lpBuffer="RDhJ0CNFevzX", pcbBuffer=0x19f438) returned 1 [0163.527] IdnToAscii (in: dwFlags=0x0, lpUnicodeCharStr="xc64ZB", cchUnicodeChar=6, lpASCIICharStr=0x0, cchASCIIChar=0 | out: lpASCIICharStr=0x0) returned 6 [0163.527] IdnToAscii (in: dwFlags=0x0, lpUnicodeCharStr="xc64ZB", cchUnicodeChar=6, lpASCIICharStr=0x2328520, cchASCIIChar=6 | out: lpASCIICharStr="xc64ZB") returned 6 [0163.528] SysStringLen (param_1="?_bEpvL{rN$%") returned 0x10 [0163.528] SystemFunction040 (in: Memory=0x6369c4, MemorySize=0x20, OptionFlags=0x0 | out: Memory=0x6369c4) returned 0x0 [0163.528] QueryUnbiasedInterruptTime (in: UnbiasedTime=0x19f354 | out: UnbiasedTime=0x19f354) returned 1 [0163.528] QueryUnbiasedInterruptTime (in: UnbiasedTime=0x19f344 | out: UnbiasedTime=0x19f344) returned 1 [0163.530] send (s=0x634, buf=0x22cce28*, len=6, flags=0) returned 6 [0163.531] recv (in: s=0x634, buf=0x23289cc, len=80, flags=0 | out: buf=0x23289cc*) returned 44 [0163.556] shutdown (s=0x634, how=2) returned 0 [0163.557] closesocket (s=0x634) returned 0 [0163.558] ReleaseMutex (hMutex=0x630) returned 1 [0163.558] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x634 [0163.559] WSASocketW (af=23, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x268 [0163.560] WSAConnect (in: s=0x634, name=0x2328c4c*(sa_family=2, sin_port=0x24b, sin_addr="178.63.69.174"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0 | out: lpCalleeData=0x0) returned 0 [0163.602] closesocket (s=0x268) returned 0 [0163.603] setsockopt (s=0x634, level=6, optname=1, optval="\x01", optlen=4) returned 0 [0163.603] recv (in: s=0x634, buf=0x2328cc4, len=256, flags=0 | out: buf=0x2328cc4*) returned 179 [0163.627] send (s=0x634, buf=0x2328800*, len=13, flags=0) returned 13 [0163.628] recv (in: s=0x634, buf=0x2328cc4, len=256, flags=0 | out: buf=0x2328cc4*) returned 205 [0163.649] send (s=0x634, buf=0x2328800*, len=33, flags=0) returned 33 [0163.650] recv (in: s=0x634, buf=0x2328cc4, len=256, flags=0 | out: buf=0x2328cc4*) returned 18 [0163.669] SysStringLen (param_1="ⴆ蘵쑓ࣆઽៅ怈൸쨒镾틊邈毕즜ᨚ") returned 0x10 [0163.669] SystemFunction041 (in: Memory=0x6369c4, MemorySize=0x20, OptionFlags=0x0 | out: Memory=0x6369c4) returned 0x0 [0163.669] SysStringLen (param_1="?_bEpvL{rN$%") returned 0x10 [0163.669] SystemFunction040 (in: Memory=0x6369c4, MemorySize=0x20, OptionFlags=0x0 | out: Memory=0x6369c4) returned 0x0 [0163.669] SysStringLen (param_1="?_bEpvL{rN$%") returned 0xc [0163.669] SysStringLen (param_1="?_bEpvL{rN$%") returned 0xc [0163.670] send (s=0x634, buf=0x2328800*, len=18, flags=0) returned 18 [0163.670] recv (in: s=0x634, buf=0x2328cc4, len=256, flags=0 | out: buf=0x2328cc4*) returned 30 [0163.701] send (s=0x634, buf=0x2328800*, len=28, flags=0) returned 28 [0163.701] recv (in: s=0x634, buf=0x2328cc4, len=256, flags=0 | out: buf=0x2328cc4*) returned 8 [0163.720] send (s=0x634, buf=0x2328800*, len=33, flags=0) returned 33 [0163.720] recv (in: s=0x634, buf=0x2328cc4, len=256, flags=0 | out: buf=0x2328cc4*) returned 14 [0163.745] send (s=0x634, buf=0x2328800*, len=6, flags=0) returned 6 [0163.746] recv (in: s=0x634, buf=0x2328cc4, len=256, flags=0 | out: buf=0x2328cc4*) returned 56 [0163.768] CoCreateGuid (in: pguid=0x19f300 | out: pguid=0x19f300*(Data1=0x63674c1c, Data2=0x396c, Data3=0x42be, Data4=([0]=0x94, [1]=0x4, [2]=0xf3, [3]=0xdb, [4]=0xa3, [5]=0x2b, [6]=0x7d, [7]=0xa2))) returned 0x0 [0163.769] send (s=0x634, buf=0x232a434*, len=248, flags=0) returned 248 [0163.770] send (s=0x634, buf=0x23303b0*, len=146, flags=0) returned 146 [0163.771] send (s=0x634, buf=0x23303b0*, len=43, flags=0) returned 43 [0163.772] send (s=0x634, buf=0x23303b0*, len=171, flags=0) returned 171 [0163.773] send (s=0x634, buf=0x23303b0*, len=996, flags=0) returned 996 [0163.774] send (s=0x634, buf=0x23303b0*, len=166, flags=0) returned 166 [0163.775] send (s=0x634, buf=0x23303b0*, len=498, flags=0) returned 498 [0163.775] send (s=0x634, buf=0x23303b0*, len=57, flags=0) returned 57 [0163.775] send (s=0x634, buf=0x232a434*, len=2, flags=0) returned 2 [0163.776] send (s=0x634, buf=0x2328800*, len=5, flags=0) returned 5 [0163.776] recv (in: s=0x634, buf=0x2328cc4, len=256, flags=0 | out: buf=0x2328cc4*) returned 28 [0163.832] ReleaseSemaphore (in: hSemaphore=0x610, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0163.832] PeekMessageW (in: lpMsg=0x19f85c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x19f85c) returned 0 [0163.832] PeekMessageW (in: lpMsg=0x19f85c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x19f85c) returned 0 [0163.832] WaitMessage () returned 1 [0173.526] PeekMessageW (in: lpMsg=0x19f85c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x19f85c) returned 1 [0173.526] IsWindowUnicode (hWnd=0x701e2) returned 1 [0173.526] GetMessageW (in: lpMsg=0x19f85c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x19f85c) returned 1 [0173.526] TranslateMessage (lpMsg=0x19f85c) returned 0 [0173.526] DispatchMessageW (lpMsg=0x19f85c) returned 0x0 [0173.528] GetUserNameW (in: lpBuffer=0x19f1f0, pcbBuffer=0x19f468 | out: lpBuffer="RDhJ0CNFevzX", pcbBuffer=0x19f468) returned 1 [0173.530] GetUserNameW (in: lpBuffer=0x19f1f0, pcbBuffer=0x19f468 | out: lpBuffer="RDhJ0CNFevzX", pcbBuffer=0x19f468) returned 1 [0173.530] GetUserNameW (in: lpBuffer=0x19f1c0, pcbBuffer=0x19f438 | out: lpBuffer="RDhJ0CNFevzX", pcbBuffer=0x19f438) returned 1 [0173.531] GetUserNameW (in: lpBuffer=0x19f1c0, pcbBuffer=0x19f438 | out: lpBuffer="RDhJ0CNFevzX", pcbBuffer=0x19f438) returned 1 [0173.532] IdnToAscii (in: dwFlags=0x0, lpUnicodeCharStr="xc64ZB", cchUnicodeChar=6, lpASCIICharStr=0x0, cchASCIIChar=0 | out: lpASCIICharStr=0x0) returned 6 [0173.532] IdnToAscii (in: dwFlags=0x0, lpUnicodeCharStr="xc64ZB", cchUnicodeChar=6, lpASCIICharStr=0x233e860, cchASCIIChar=6 | out: lpASCIICharStr="xc64ZB") returned 6 [0173.533] SysStringLen (param_1="?_bEpvL{rN$%") returned 0x10 [0173.533] SystemFunction040 (in: Memory=0x636bf4, MemorySize=0x20, OptionFlags=0x0 | out: Memory=0x636bf4) returned 0x0 [0173.534] QueryUnbiasedInterruptTime (in: UnbiasedTime=0x19f354 | out: UnbiasedTime=0x19f354) returned 1 [0173.534] QueryUnbiasedInterruptTime (in: UnbiasedTime=0x19f344 | out: UnbiasedTime=0x19f344) returned 1 [0173.535] send (s=0x634, buf=0x22cce28*, len=6, flags=0) returned 6 [0173.537] recv (in: s=0x634, buf=0x233ed0c, len=80, flags=0 | out: buf=0x233ed0c*) returned 44 [0173.564] shutdown (s=0x634, how=2) returned 0 [0173.565] closesocket (s=0x634) returned 0 [0173.566] ReleaseMutex (hMutex=0x630) returned 1 [0173.566] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x634 [0173.567] WSASocketW (af=23, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x268 [0173.568] WSAConnect (in: s=0x634, name=0x233ef8c*(sa_family=2, sin_port=0x24b, sin_addr="178.63.69.174"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0 | out: lpCalleeData=0x0) returned 0 [0173.596] closesocket (s=0x268) returned 0 [0173.597] setsockopt (s=0x634, level=6, optname=1, optval="\x01", optlen=4) returned 0 [0173.597] recv (in: s=0x634, buf=0x233f004, len=256, flags=0 | out: buf=0x233f004*) returned 179 [0173.624] send (s=0x634, buf=0x233eb40*, len=13, flags=0) returned 13 [0173.625] recv (in: s=0x634, buf=0x233f004, len=256, flags=0 | out: buf=0x233f004*) returned 205 [0173.652] send (s=0x634, buf=0x233eb40*, len=33, flags=0) returned 33 [0173.652] recv (in: s=0x634, buf=0x233f004, len=256, flags=0 | out: buf=0x233f004*) returned 18 [0173.681] SysStringLen (param_1="ⴆ蘵쑓ࣆઽៅ怈൸쨒镾틊邈毕즜ᨚ") returned 0x10 [0173.681] SystemFunction041 (in: Memory=0x636bf4, MemorySize=0x20, OptionFlags=0x0 | out: Memory=0x636bf4) returned 0x0 [0173.682] SysStringLen (param_1="?_bEpvL{rN$%") returned 0x10 [0173.682] SystemFunction040 (in: Memory=0x636bf4, MemorySize=0x20, OptionFlags=0x0 | out: Memory=0x636bf4) returned 0x0 [0173.682] SysStringLen (param_1="?_bEpvL{rN$%") returned 0xc [0173.682] SysStringLen (param_1="?_bEpvL{rN$%") returned 0xc [0173.682] send (s=0x634, buf=0x233eb40*, len=18, flags=0) returned 18 [0173.682] recv (in: s=0x634, buf=0x233f004, len=256, flags=0 | out: buf=0x233f004*) returned 30 [0173.708] send (s=0x634, buf=0x233eb40*, len=28, flags=0) returned 28 [0173.709] recv (in: s=0x634, buf=0x233f004, len=256, flags=0 | out: buf=0x233f004*) returned 8 [0173.734] send (s=0x634, buf=0x233eb40*, len=33, flags=0) returned 33 [0173.735] recv (in: s=0x634, buf=0x233f004, len=256, flags=0 | out: buf=0x233f004*) returned 14 [0173.755] send (s=0x634, buf=0x233eb40*, len=6, flags=0) returned 6 [0173.756] recv (in: s=0x634, buf=0x233f004, len=256, flags=0 | out: buf=0x233f004*) returned 56 [0173.774] CoCreateGuid (in: pguid=0x19f300 | out: pguid=0x19f300*(Data1=0xe5b442a4, Data2=0xea42, Data3=0x425d, Data4=([0]=0x9e, [1]=0xad, [2]=0x56, [3]=0x25, [4]=0x7c, [5]=0x44, [6]=0x1c, [7]=0x58))) returned 0x0 [0173.776] send (s=0x634, buf=0x2340774*, len=248, flags=0) returned 248 [0173.778] send (s=0x634, buf=0x23466f0*, len=146, flags=0) returned 146 [0173.779] send (s=0x634, buf=0x23466f0*, len=43, flags=0) returned 43 [0173.780] send (s=0x634, buf=0x23466f0*, len=171, flags=0) returned 171 [0173.781] send (s=0x634, buf=0x23466f0*, len=996, flags=0) returned 996 [0173.782] send (s=0x634, buf=0x23466f0*, len=166, flags=0) returned 166 [0173.783] send (s=0x634, buf=0x23466f0*, len=498, flags=0) returned 498 [0173.784] send (s=0x634, buf=0x23466f0*, len=57, flags=0) returned 57 [0173.784] send (s=0x634, buf=0x2340774*, len=2, flags=0) returned 2 [0173.785] send (s=0x634, buf=0x233eb40*, len=5, flags=0) returned 5 [0173.785] recv (in: s=0x634, buf=0x233f004, len=256, flags=0 | out: buf=0x233f004*) returned 28 [0173.900] ReleaseSemaphore (in: hSemaphore=0x610, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0173.900] PeekMessageW (in: lpMsg=0x19f85c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x19f85c) returned 0 [0173.900] PeekMessageW (in: lpMsg=0x19f85c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x19f85c) returned 0 [0173.900] WaitMessage () returned 1 [0183.535] PeekMessageW (in: lpMsg=0x19f85c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x19f85c) returned 1 [0183.535] IsWindowUnicode (hWnd=0x701e2) returned 1 [0183.536] GetMessageW (in: lpMsg=0x19f85c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x19f85c) returned 1 [0183.536] TranslateMessage (lpMsg=0x19f85c) returned 0 [0183.536] DispatchMessageW (lpMsg=0x19f85c) returned 0x0 [0183.537] GetUserNameW (in: lpBuffer=0x19f1f0, pcbBuffer=0x19f468 | out: lpBuffer="RDhJ0CNFevzX", pcbBuffer=0x19f468) returned 1 [0183.540] GetUserNameW (in: lpBuffer=0x19f1f0, pcbBuffer=0x19f468 | out: lpBuffer="RDhJ0CNFevzX", pcbBuffer=0x19f468) returned 1 [0183.540] GetUserNameW (in: lpBuffer=0x19f1c0, pcbBuffer=0x19f438 | out: lpBuffer="RDhJ0CNFevzX", pcbBuffer=0x19f438) returned 1 [0183.541] GetUserNameW (in: lpBuffer=0x19f1c0, pcbBuffer=0x19f438 | out: lpBuffer="RDhJ0CNFevzX", pcbBuffer=0x19f438) returned 1 [0183.542] IdnToAscii (in: dwFlags=0x0, lpUnicodeCharStr="xc64ZB", cchUnicodeChar=6, lpASCIICharStr=0x0, cchASCIIChar=0 | out: lpASCIICharStr=0x0) returned 6 [0183.542] IdnToAscii (in: dwFlags=0x0, lpUnicodeCharStr="xc64ZB", cchUnicodeChar=6, lpASCIICharStr=0x2354b44, cchASCIIChar=6 | out: lpASCIICharStr="xc64ZB") returned 6 [0183.543] SysStringLen (param_1="?_bEpvL{rN$%") returned 0x10 [0183.543] SystemFunction040 (in: Memory=0x636954, MemorySize=0x20, OptionFlags=0x0 | out: Memory=0x636954) returned 0x0 [0183.543] QueryUnbiasedInterruptTime (in: UnbiasedTime=0x19f354 | out: UnbiasedTime=0x19f354) returned 1 [0183.543] QueryUnbiasedInterruptTime (in: UnbiasedTime=0x19f344 | out: UnbiasedTime=0x19f344) returned 1 [0183.544] send (s=0x634, buf=0x22cce28*, len=6, flags=0) returned 6 [0183.545] recv (in: s=0x634, buf=0x2354ff0, len=80, flags=0 | out: buf=0x2354ff0*) returned 44 [0183.568] shutdown (s=0x634, how=2) returned 0 [0183.569] closesocket (s=0x634) returned 0 [0183.569] ReleaseMutex (hMutex=0x630) returned 1 [0183.569] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x634 [0183.570] WSASocketW (af=23, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x268 [0183.570] WSAConnect (in: s=0x634, name=0x2355270*(sa_family=2, sin_port=0x24b, sin_addr="178.63.69.174"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0 | out: lpCalleeData=0x0) returned 0 [0183.595] closesocket (s=0x268) returned 0 [0183.595] setsockopt (s=0x634, level=6, optname=1, optval="\x01", optlen=4) returned 0 [0183.595] recv (in: s=0x634, buf=0x23552e8, len=256, flags=0 | out: buf=0x23552e8*) returned 179 [0183.628] send (s=0x634, buf=0x2354e24*, len=13, flags=0) returned 13 [0183.629] recv (in: s=0x634, buf=0x23552e8, len=256, flags=0 | out: buf=0x23552e8*) returned 205 [0183.652] send (s=0x634, buf=0x2354e24*, len=33, flags=0) returned 33 [0183.653] recv (in: s=0x634, buf=0x23552e8, len=256, flags=0 | out: buf=0x23552e8*) returned 18 [0183.672] SysStringLen (param_1="ⴆ蘵쑓ࣆઽៅ怈൸쨒镾틊邈毕즜ᨚ") returned 0x10 [0183.672] SystemFunction041 (in: Memory=0x636954, MemorySize=0x20, OptionFlags=0x0 | out: Memory=0x636954) returned 0x0 [0183.672] SysStringLen (param_1="?_bEpvL{rN$%") returned 0x10 [0183.672] SystemFunction040 (in: Memory=0x636954, MemorySize=0x20, OptionFlags=0x0 | out: Memory=0x636954) returned 0x0 [0183.672] SysStringLen (param_1="?_bEpvL{rN$%") returned 0xc [0183.672] SysStringLen (param_1="?_bEpvL{rN$%") returned 0xc [0183.673] send (s=0x634, buf=0x2354e24*, len=18, flags=0) returned 18 [0183.673] recv (in: s=0x634, buf=0x23552e8, len=256, flags=0 | out: buf=0x23552e8*) returned 30 [0183.700] send (s=0x634, buf=0x2354e24*, len=28, flags=0) returned 28 [0183.701] recv (in: s=0x634, buf=0x23552e8, len=256, flags=0 | out: buf=0x23552e8*) returned 8 [0183.719] send (s=0x634, buf=0x2354e24*, len=33, flags=0) returned 33 [0183.720] recv (in: s=0x634, buf=0x23552e8, len=256, flags=0 | out: buf=0x23552e8*) returned 14 [0183.752] send (s=0x634, buf=0x2354e24*, len=6, flags=0) returned 6 [0183.752] recv (in: s=0x634, buf=0x23552e8, len=256, flags=0 | out: buf=0x23552e8*) returned 56 [0183.772] CoCreateGuid (in: pguid=0x19f300 | out: pguid=0x19f300*(Data1=0x4537f23e, Data2=0x4003, Data3=0x4cb1, Data4=([0]=0xa7, [1]=0x55, [2]=0xb1, [3]=0x87, [4]=0xdd, [5]=0x74, [6]=0xf7, [7]=0x79))) returned 0x0 [0183.773] send (s=0x634, buf=0x2356a58*, len=248, flags=0) returned 248 [0183.773] send (s=0x634, buf=0x235c9d4*, len=146, flags=0) returned 146 [0183.774] send (s=0x634, buf=0x235c9d4*, len=43, flags=0) returned 43 [0183.775] send (s=0x634, buf=0x235c9d4*, len=171, flags=0) returned 171 [0183.775] send (s=0x634, buf=0x235c9d4*, len=996, flags=0) returned 996 [0183.776] send (s=0x634, buf=0x235c9d4*, len=166, flags=0) returned 166 [0183.777] send (s=0x634, buf=0x235c9d4*, len=498, flags=0) returned 498 [0183.777] send (s=0x634, buf=0x235c9d4*, len=57, flags=0) returned 57 [0183.777] send (s=0x634, buf=0x2356a58*, len=2, flags=0) returned 2 [0183.777] send (s=0x634, buf=0x2354e24*, len=5, flags=0) returned 5 [0183.778] recv (in: s=0x634, buf=0x23552e8, len=256, flags=0 | out: buf=0x23552e8*) returned 28 [0183.841] ReleaseSemaphore (in: hSemaphore=0x610, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0183.841] PeekMessageW (in: lpMsg=0x19f85c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x19f85c) returned 0 [0183.841] PeekMessageW (in: lpMsg=0x19f85c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x19f85c) returned 0 [0183.841] WaitMessage () returned 1 [0193.536] PeekMessageW (in: lpMsg=0x19f85c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x19f85c) returned 1 [0193.536] IsWindowUnicode (hWnd=0x701e2) returned 1 [0193.536] GetMessageW (in: lpMsg=0x19f85c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x19f85c) returned 1 [0193.536] TranslateMessage (lpMsg=0x19f85c) returned 0 [0193.536] DispatchMessageW (lpMsg=0x19f85c) returned 0x0 [0193.537] GetUserNameW (in: lpBuffer=0x19f1f0, pcbBuffer=0x19f468 | out: lpBuffer="RDhJ0CNFevzX", pcbBuffer=0x19f468) returned 1 [0193.538] GetUserNameW (in: lpBuffer=0x19f1f0, pcbBuffer=0x19f468 | out: lpBuffer="RDhJ0CNFevzX", pcbBuffer=0x19f468) returned 1 [0193.539] GetUserNameW (in: lpBuffer=0x19f1c0, pcbBuffer=0x19f438 | out: lpBuffer="RDhJ0CNFevzX", pcbBuffer=0x19f438) returned 1 [0193.539] GetUserNameW (in: lpBuffer=0x19f1c0, pcbBuffer=0x19f438 | out: lpBuffer="RDhJ0CNFevzX", pcbBuffer=0x19f438) returned 1 [0193.541] IdnToAscii (in: dwFlags=0x0, lpUnicodeCharStr="xc64ZB", cchUnicodeChar=6, lpASCIICharStr=0x0, cchASCIIChar=0 | out: lpASCIICharStr=0x0) returned 6 [0193.541] IdnToAscii (in: dwFlags=0x0, lpUnicodeCharStr="xc64ZB", cchUnicodeChar=6, lpASCIICharStr=0x236ae28, cchASCIIChar=6 | out: lpASCIICharStr="xc64ZB") returned 6 [0193.541] SysStringLen (param_1="?_bEpvL{rN$%") returned 0x10 [0193.541] SystemFunction040 (in: Memory=0x636aa4, MemorySize=0x20, OptionFlags=0x0 | out: Memory=0x636aa4) returned 0x0 [0193.541] QueryUnbiasedInterruptTime (in: UnbiasedTime=0x19f354 | out: UnbiasedTime=0x19f354) returned 1 [0193.541] QueryUnbiasedInterruptTime (in: UnbiasedTime=0x19f344 | out: UnbiasedTime=0x19f344) returned 1 [0193.542] send (s=0x634, buf=0x22cce28*, len=6, flags=0) returned 6 [0193.543] recv (in: s=0x634, buf=0x236b2d4, len=80, flags=0 | out: buf=0x236b2d4*) returned 44 [0193.565] shutdown (s=0x634, how=2) returned 0 [0193.566] closesocket (s=0x634) returned 0 [0193.566] ReleaseMutex (hMutex=0x630) returned 1 [0193.566] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x634 [0193.568] WSASocketW (af=23, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x268 [0193.569] WSAConnect (in: s=0x634, name=0x236b554*(sa_family=2, sin_port=0x24b, sin_addr="178.63.69.174"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0 | out: lpCalleeData=0x0) returned 0 [0193.594] closesocket (s=0x268) returned 0 [0193.595] setsockopt (s=0x634, level=6, optname=1, optval="\x01", optlen=4) returned 0 [0193.595] recv (in: s=0x634, buf=0x236b5cc, len=256, flags=0 | out: buf=0x236b5cc*) returned 179 [0193.617] send (s=0x634, buf=0x236b108*, len=13, flags=0) returned 13 [0193.617] recv (in: s=0x634, buf=0x236b5cc, len=256, flags=0 | out: buf=0x236b5cc*) returned 205 [0193.638] send (s=0x634, buf=0x236b108*, len=33, flags=0) returned 33 [0193.638] recv (in: s=0x634, buf=0x236b5cc, len=256, flags=0 | out: buf=0x236b5cc*) returned 18 [0193.658] SysStringLen (param_1="ⴆ蘵쑓ࣆઽៅ怈൸쨒镾틊邈毕즜ᨚ") returned 0x10 [0193.658] SystemFunction041 (in: Memory=0x636aa4, MemorySize=0x20, OptionFlags=0x0 | out: Memory=0x636aa4) returned 0x0 [0193.658] SysStringLen (param_1="?_bEpvL{rN$%") returned 0x10 [0193.658] SystemFunction040 (in: Memory=0x636aa4, MemorySize=0x20, OptionFlags=0x0 | out: Memory=0x636aa4) returned 0x0 [0193.658] SysStringLen (param_1="?_bEpvL{rN$%") returned 0xc [0193.658] SysStringLen (param_1="?_bEpvL{rN$%") returned 0xc [0193.658] send (s=0x634, buf=0x236b108*, len=18, flags=0) returned 18 [0193.659] recv (in: s=0x634, buf=0x236b5cc, len=256, flags=0 | out: buf=0x236b5cc*) returned 30 [0193.679] send (s=0x634, buf=0x236b108*, len=28, flags=0) returned 28 [0193.680] recv (in: s=0x634, buf=0x236b5cc, len=256, flags=0 | out: buf=0x236b5cc*) returned 8 [0195.118] send (s=0x634, buf=0x236b108*, len=33, flags=0) returned 33 [0195.118] recv (in: s=0x634, buf=0x236b5cc, len=256, flags=0 | out: buf=0x236b5cc*) returned 14 [0195.149] send (s=0x634, buf=0x236b108*, len=6, flags=0) returned 6 [0195.150] recv (in: s=0x634, buf=0x236b5cc, len=256, flags=0 | out: buf=0x236b5cc*) returned 56 [0195.168] CoCreateGuid (in: pguid=0x19f300 | out: pguid=0x19f300*(Data1=0x8da74fc3, Data2=0x9071, Data3=0x48b9, Data4=([0]=0x97, [1]=0xe5, [2]=0x95, [3]=0x6a, [4]=0xfe, [5]=0x62, [6]=0x6b, [7]=0x9f))) returned 0x0 [0195.169] send (s=0x634, buf=0x236cd3c*, len=248, flags=0) returned 248 [0195.171] send (s=0x634, buf=0x2372cb8*, len=146, flags=0) returned 146 [0195.171] send (s=0x634, buf=0x2372cb8*, len=43, flags=0) returned 43 [0195.172] send (s=0x634, buf=0x2372cb8*, len=171, flags=0) returned 171 [0195.173] send (s=0x634, buf=0x2372cb8*, len=996, flags=0) returned 996 [0195.174] send (s=0x634, buf=0x2372cb8*, len=166, flags=0) returned 166 [0195.174] send (s=0x634, buf=0x2372cb8*, len=498, flags=0) returned 498 [0195.175] send (s=0x634, buf=0x2372cb8*, len=57, flags=0) returned 57 [0195.175] send (s=0x634, buf=0x236cd3c*, len=2, flags=0) returned 2 [0195.175] send (s=0x634, buf=0x236b108*, len=5, flags=0) returned 5 [0195.175] recv (in: s=0x634, buf=0x236b5cc, len=256, flags=0 | out: buf=0x236b5cc*) returned 28 [0195.392] ReleaseSemaphore (in: hSemaphore=0x610, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0195.392] PeekMessageW (in: lpMsg=0x19f85c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x19f85c) returned 0 [0195.393] PeekMessageW (in: lpMsg=0x19f85c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x19f85c) returned 0 [0195.393] WaitMessage () returned 1 [0203.537] PeekMessageW (in: lpMsg=0x19f85c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x19f85c) returned 1 [0203.538] IsWindowUnicode (hWnd=0x701e2) returned 1 [0203.538] GetMessageW (in: lpMsg=0x19f85c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x19f85c) returned 1 [0203.538] TranslateMessage (lpMsg=0x19f85c) returned 0 [0203.538] DispatchMessageW (lpMsg=0x19f85c) returned 0x0 [0203.538] GetUserNameW (in: lpBuffer=0x19f1f0, pcbBuffer=0x19f468 | out: lpBuffer="RDhJ0CNFevzX", pcbBuffer=0x19f468) returned 1 [0203.542] GetUserNameW (in: lpBuffer=0x19f1f0, pcbBuffer=0x19f468 | out: lpBuffer="RDhJ0CNFevzX", pcbBuffer=0x19f468) returned 1 [0203.542] GetUserNameW (in: lpBuffer=0x19f1c0, pcbBuffer=0x19f438 | out: lpBuffer="RDhJ0CNFevzX", pcbBuffer=0x19f438) returned 1 [0203.543] GetUserNameW (in: lpBuffer=0x19f1c0, pcbBuffer=0x19f438 | out: lpBuffer="RDhJ0CNFevzX", pcbBuffer=0x19f438) returned 1 [0203.543] IdnToAscii (in: dwFlags=0x0, lpUnicodeCharStr="xc64ZB", cchUnicodeChar=6, lpASCIICharStr=0x0, cchASCIIChar=0 | out: lpASCIICharStr=0x0) returned 6 [0203.544] IdnToAscii (in: dwFlags=0x0, lpUnicodeCharStr="xc64ZB", cchUnicodeChar=6, lpASCIICharStr=0x238110c, cchASCIIChar=6 | out: lpASCIICharStr="xc64ZB") returned 6 [0203.544] SysStringLen (param_1="?_bEpvL{rN$%") returned 0x10 [0203.544] SystemFunction040 (in: Memory=0x636bbc, MemorySize=0x20, OptionFlags=0x0 | out: Memory=0x636bbc) returned 0x0 [0203.545] QueryUnbiasedInterruptTime (in: UnbiasedTime=0x19f354 | out: UnbiasedTime=0x19f354) returned 1 [0203.545] QueryUnbiasedInterruptTime (in: UnbiasedTime=0x19f344 | out: UnbiasedTime=0x19f344) returned 1 [0203.545] send (s=0x634, buf=0x22cce28*, len=6, flags=0) returned 6 [0203.548] recv (in: s=0x634, buf=0x23815b8, len=80, flags=0 | out: buf=0x23815b8*) returned 44 [0203.582] shutdown (s=0x634, how=2) returned 0 [0203.582] closesocket (s=0x634) returned 0 [0203.583] ReleaseMutex (hMutex=0x630) returned 1 [0203.583] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x634 [0203.585] WSASocketW (af=23, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x268 [0203.585] WSAConnect (in: s=0x634, name=0x2381838*(sa_family=2, sin_port=0x24b, sin_addr="178.63.69.174"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0 | out: lpCalleeData=0x0) returned 0 [0203.609] closesocket (s=0x268) returned 0 [0203.609] setsockopt (s=0x634, level=6, optname=1, optval="\x01", optlen=4) returned 0 [0203.610] recv (in: s=0x634, buf=0x23818b0, len=256, flags=0 | out: buf=0x23818b0*) returned 179 [0203.638] send (s=0x634, buf=0x23813ec*, len=13, flags=0) returned 13 [0203.638] recv (in: s=0x634, buf=0x23818b0, len=256, flags=0 | out: buf=0x23818b0*) returned 205 [0203.661] send (s=0x634, buf=0x23813ec*, len=33, flags=0) returned 33 [0203.661] recv (in: s=0x634, buf=0x23818b0, len=256, flags=0 | out: buf=0x23818b0*) returned 18 [0203.684] SysStringLen (param_1="ⴆ蘵쑓ࣆઽៅ怈൸쨒镾틊邈毕즜ᨚ") returned 0x10 [0203.684] SystemFunction041 (in: Memory=0x636bbc, MemorySize=0x20, OptionFlags=0x0 | out: Memory=0x636bbc) returned 0x0 [0203.685] SysStringLen (param_1="?_bEpvL{rN$%") returned 0x10 [0203.685] SystemFunction040 (in: Memory=0x636bbc, MemorySize=0x20, OptionFlags=0x0 | out: Memory=0x636bbc) returned 0x0 [0203.685] SysStringLen (param_1="?_bEpvL{rN$%") returned 0xc [0203.685] SysStringLen (param_1="?_bEpvL{rN$%") returned 0xc [0203.685] send (s=0x634, buf=0x23813ec*, len=18, flags=0) returned 18 [0203.686] recv (in: s=0x634, buf=0x23818b0, len=256, flags=0 | out: buf=0x23818b0*) returned 30 [0203.711] send (s=0x634, buf=0x23813ec*, len=28, flags=0) returned 28 [0203.712] recv (in: s=0x634, buf=0x23818b0, len=256, flags=0 | out: buf=0x23818b0*) returned 8 [0203.735] send (s=0x634, buf=0x23813ec*, len=33, flags=0) returned 33 [0203.735] recv (in: s=0x634, buf=0x23818b0, len=256, flags=0 | out: buf=0x23818b0*) returned 14 [0203.757] send (s=0x634, buf=0x23813ec*, len=6, flags=0) returned 6 [0203.759] recv (in: s=0x634, buf=0x23818b0, len=256, flags=0 | out: buf=0x23818b0*) returned 56 [0203.787] CoCreateGuid (in: pguid=0x19f300 | out: pguid=0x19f300*(Data1=0x7fc8f1b, Data2=0x63d, Data3=0x4e77, Data4=([0]=0xb9, [1]=0x95, [2]=0xa6, [3]=0x34, [4]=0xe6, [5]=0x63, [6]=0xf8, [7]=0xb3))) returned 0x0 [0203.788] send (s=0x634, buf=0x2383020*, len=248, flags=0) returned 248 [0203.790] send (s=0x634, buf=0x2388f9c*, len=146, flags=0) returned 146 [0203.791] send (s=0x634, buf=0x2388f9c*, len=43, flags=0) returned 43 [0203.792] send (s=0x634, buf=0x2388f9c*, len=171, flags=0) returned 171 [0203.793] send (s=0x634, buf=0x2388f9c*, len=996, flags=0) returned 996 [0203.795] send (s=0x634, buf=0x2388f9c*, len=166, flags=0) returned 166 [0203.795] send (s=0x634, buf=0x2388f9c*, len=498, flags=0) returned 498 [0203.796] send (s=0x634, buf=0x2388f9c*, len=57, flags=0) returned 57 [0203.796] send (s=0x634, buf=0x2383020*, len=2, flags=0) returned 2 [0203.796] send (s=0x634, buf=0x23813ec*, len=5, flags=0) returned 5 [0203.796] recv (in: s=0x634, buf=0x23818b0, len=256, flags=0 | out: buf=0x23818b0*) returned 28 [0204.057] ReleaseSemaphore (in: hSemaphore=0x610, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0204.057] PeekMessageW (in: lpMsg=0x19f85c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x19f85c) returned 0 [0204.057] PeekMessageW (in: lpMsg=0x19f85c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x19f85c) returned 0 [0204.057] WaitMessage () returned 1 [0213.531] PeekMessageW (in: lpMsg=0x19f85c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x19f85c) returned 1 [0213.532] IsWindowUnicode (hWnd=0x701e2) returned 1 [0213.532] GetMessageW (in: lpMsg=0x19f85c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x19f85c) returned 1 [0213.532] TranslateMessage (lpMsg=0x19f85c) returned 0 [0213.532] DispatchMessageW (lpMsg=0x19f85c) returned 0x0 [0213.535] GetUserNameW (in: lpBuffer=0x19f1f0, pcbBuffer=0x19f468 | out: lpBuffer="RDhJ0CNFevzX", pcbBuffer=0x19f468) returned 1 [0213.541] GetUserNameW (in: lpBuffer=0x19f1f0, pcbBuffer=0x19f468 | out: lpBuffer="RDhJ0CNFevzX", pcbBuffer=0x19f468) returned 1 [0213.541] GetUserNameW (in: lpBuffer=0x19f1c0, pcbBuffer=0x19f438 | out: lpBuffer="RDhJ0CNFevzX", pcbBuffer=0x19f438) returned 1 [0213.542] GetUserNameW (in: lpBuffer=0x19f1c0, pcbBuffer=0x19f438 | out: lpBuffer="RDhJ0CNFevzX", pcbBuffer=0x19f438) returned 1 [0213.615] IdnToAscii (in: dwFlags=0x0, lpUnicodeCharStr="xc64ZB", cchUnicodeChar=6, lpASCIICharStr=0x0, cchASCIIChar=0 | out: lpASCIICharStr=0x0) returned 6 [0213.615] IdnToAscii (in: dwFlags=0x0, lpUnicodeCharStr="xc64ZB", cchUnicodeChar=6, lpASCIICharStr=0x23973f0, cchASCIIChar=6 | out: lpASCIICharStr="xc64ZB") returned 6 [0213.616] SysStringLen (param_1="?_bEpvL{rN$%") returned 0x10 [0213.617] SystemFunction040 (in: Memory=0x63698c, MemorySize=0x20, OptionFlags=0x0 | out: Memory=0x63698c) returned 0x0 [0213.618] QueryUnbiasedInterruptTime (in: UnbiasedTime=0x19f354 | out: UnbiasedTime=0x19f354) returned 1 [0213.618] QueryUnbiasedInterruptTime (in: UnbiasedTime=0x19f344 | out: UnbiasedTime=0x19f344) returned 1 [0213.625] send (s=0x634, buf=0x22cce28*, len=6, flags=0) returned 6 [0213.629] recv (in: s=0x634, buf=0x239789c, len=80, flags=0 | out: buf=0x239789c*) returned 44 [0213.653] shutdown (s=0x634, how=2) returned 0 [0213.654] closesocket (s=0x634) returned 0 [0213.656] ReleaseMutex (hMutex=0x630) returned 1 [0213.656] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x634 [0213.658] WSASocketW (af=23, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x268 [0213.658] WSAConnect (in: s=0x634, name=0x2397b1c*(sa_family=2, sin_port=0x24b, sin_addr="178.63.69.174"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0 | out: lpCalleeData=0x0) returned 0 [0213.685] closesocket (s=0x268) returned 0 [0213.686] setsockopt (s=0x634, level=6, optname=1, optval="\x01", optlen=4) returned 0 [0213.686] recv (in: s=0x634, buf=0x2397b94, len=256, flags=0 | out: buf=0x2397b94*) returned 179 [0213.725] send (s=0x634, buf=0x23976d0*, len=13, flags=0) returned 13 [0213.727] recv (in: s=0x634, buf=0x2397b94, len=256, flags=0 | out: buf=0x2397b94*) returned 205 [0213.751] send (s=0x634, buf=0x23976d0*, len=33, flags=0) returned 33 [0213.752] recv (in: s=0x634, buf=0x2397b94, len=256, flags=0 | out: buf=0x2397b94*) returned 18 [0213.770] SysStringLen (param_1="ⴆ蘵쑓ࣆઽៅ怈൸쨒镾틊邈毕즜ᨚ") returned 0x10 [0213.770] SystemFunction041 (in: Memory=0x63698c, MemorySize=0x20, OptionFlags=0x0 | out: Memory=0x63698c) returned 0x0 [0213.770] SysStringLen (param_1="?_bEpvL{rN$%") returned 0x10 [0213.770] SystemFunction040 (in: Memory=0x63698c, MemorySize=0x20, OptionFlags=0x0 | out: Memory=0x63698c) returned 0x0 [0213.770] SysStringLen (param_1="?_bEpvL{rN$%") returned 0xc [0213.770] SysStringLen (param_1="?_bEpvL{rN$%") returned 0xc [0213.771] send (s=0x634, buf=0x23976d0*, len=18, flags=0) returned 18 [0213.772] recv (in: s=0x634, buf=0x2397b94, len=256, flags=0 | out: buf=0x2397b94*) returned 30 [0213.826] send (s=0x634, buf=0x23976d0*, len=28, flags=0) returned 28 [0213.827] recv (in: s=0x634, buf=0x2397b94, len=256, flags=0 | out: buf=0x2397b94*) returned 8 [0213.845] send (s=0x634, buf=0x23976d0*, len=33, flags=0) returned 33 [0213.846] recv (in: s=0x634, buf=0x2397b94, len=256, flags=0 | out: buf=0x2397b94*) returned 14 [0213.871] send (s=0x634, buf=0x23976d0*, len=6, flags=0) returned 6 [0213.872] recv (in: s=0x634, buf=0x2397b94, len=256, flags=0 | out: buf=0x2397b94*) returned 56 [0213.892] CoCreateGuid (in: pguid=0x19f300 | out: pguid=0x19f300*(Data1=0x6b2e1245, Data2=0x3280, Data3=0x4873, Data4=([0]=0xa5, [1]=0x16, [2]=0x2b, [3]=0x6d, [4]=0x4f, [5]=0x94, [6]=0x49, [7]=0x4d))) returned 0x0 [0213.894] send (s=0x634, buf=0x2399304*, len=248, flags=0) returned 248 [0213.895] send (s=0x634, buf=0x239f284*, len=146, flags=0) returned 146 [0213.896] send (s=0x634, buf=0x239f284*, len=43, flags=0) returned 43 [0213.898] send (s=0x634, buf=0x239f284*, len=171, flags=0) returned 171 [0213.900] send (s=0x634, buf=0x239f284*, len=996, flags=0) returned 996 [0213.902] send (s=0x634, buf=0x239f284*, len=166, flags=0) returned 166 [0213.903] send (s=0x634, buf=0x239f284*, len=498, flags=0) returned 498 [0213.904] send (s=0x634, buf=0x239f284*, len=57, flags=0) returned 57 [0213.905] send (s=0x634, buf=0x2399304*, len=2, flags=0) returned 2 [0213.905] send (s=0x634, buf=0x23976d0*, len=5, flags=0) returned 5 [0213.906] recv (in: s=0x634, buf=0x2397b94, len=256, flags=0 | out: buf=0x2397b94*) returned 28 [0214.082] ReleaseSemaphore (in: hSemaphore=0x610, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0214.082] PeekMessageW (in: lpMsg=0x19f85c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x19f85c) returned 0 [0214.082] PeekMessageW (in: lpMsg=0x19f85c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x19f85c) returned 0 [0214.083] WaitMessage () returned 1 [0223.538] PeekMessageW (in: lpMsg=0x19f85c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x19f85c) returned 1 [0223.538] IsWindowUnicode (hWnd=0x701e2) returned 1 [0223.538] GetMessageW (in: lpMsg=0x19f85c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x19f85c) returned 1 [0223.538] TranslateMessage (lpMsg=0x19f85c) returned 0 [0223.539] DispatchMessageW (lpMsg=0x19f85c) returned 0x0 [0223.540] GetUserNameW (in: lpBuffer=0x19f1f0, pcbBuffer=0x19f468 | out: lpBuffer="RDhJ0CNFevzX", pcbBuffer=0x19f468) returned 1 [0223.542] GetUserNameW (in: lpBuffer=0x19f1f0, pcbBuffer=0x19f468 | out: lpBuffer="RDhJ0CNFevzX", pcbBuffer=0x19f468) returned 1 [0223.542] GetUserNameW (in: lpBuffer=0x19f1c0, pcbBuffer=0x19f438 | out: lpBuffer="RDhJ0CNFevzX", pcbBuffer=0x19f438) returned 1 [0223.543] GetUserNameW (in: lpBuffer=0x19f1c0, pcbBuffer=0x19f438 | out: lpBuffer="RDhJ0CNFevzX", pcbBuffer=0x19f438) returned 1 [0223.544] IdnToAscii (in: dwFlags=0x0, lpUnicodeCharStr="xc64ZB", cchUnicodeChar=6, lpASCIICharStr=0x0, cchASCIIChar=0 | out: lpASCIICharStr=0x0) returned 6 [0223.544] IdnToAscii (in: dwFlags=0x0, lpUnicodeCharStr="xc64ZB", cchUnicodeChar=6, lpASCIICharStr=0x23adb44, cchASCIIChar=6 | out: lpASCIICharStr="xc64ZB") returned 6 [0223.545] SysStringLen (param_1="?_bEpvL{rN$%") returned 0x10 [0223.545] SystemFunction040 (in: Memory=0x63f2d4, MemorySize=0x20, OptionFlags=0x0 | out: Memory=0x63f2d4) returned 0x0 [0223.546] QueryUnbiasedInterruptTime (in: UnbiasedTime=0x19f354 | out: UnbiasedTime=0x19f354) returned 1 [0223.546] QueryUnbiasedInterruptTime (in: UnbiasedTime=0x19f344 | out: UnbiasedTime=0x19f344) returned 1 [0223.547] SetEvent (hEvent=0x3d8) returned 1 [0223.548] send (s=0x634, buf=0x22cce28*, len=6, flags=0) returned 6 [0223.549] recv (in: s=0x634, buf=0x23ae2a0, len=80, flags=0 | out: buf=0x23ae2a0*) returned 44 [0223.576] shutdown (s=0x634, how=2) returned 0 [0223.577] closesocket (s=0x634) returned 0 [0223.577] ReleaseMutex (hMutex=0x630) returned 1 [0223.577] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x634 [0223.578] WSASocketW (af=23, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x670 [0223.579] WSAConnect (in: s=0x634, name=0x23ae520*(sa_family=2, sin_port=0x24b, sin_addr="178.63.69.174"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0 | out: lpCalleeData=0x0) returned 0 [0223.630] closesocket (s=0x670) returned 0 [0223.630] setsockopt (s=0x634, level=6, optname=1, optval="\x01", optlen=4) returned 0 [0223.630] recv (in: s=0x634, buf=0x23ae598, len=256, flags=0 | out: buf=0x23ae598*) returned 179 [0223.659] send (s=0x634, buf=0x23ae0d4*, len=13, flags=0) returned 13 [0223.660] recv (in: s=0x634, buf=0x23ae598, len=256, flags=0 | out: buf=0x23ae598*) returned 205 [0223.686] send (s=0x634, buf=0x23ae0d4*, len=33, flags=0) returned 33 [0223.686] recv (in: s=0x634, buf=0x23ae598, len=256, flags=0 | out: buf=0x23ae598*) returned 18 [0223.708] SysStringLen (param_1="ⴆ蘵쑓ࣆઽៅ怈൸サ旙ݭЪᱦዃ䃹") returned 0x10 [0223.708] SystemFunction041 (in: Memory=0x63f2d4, MemorySize=0x20, OptionFlags=0x0 | out: Memory=0x63f2d4) returned 0x0 [0223.708] SysStringLen (param_1="?_bEpvL{rN$%") returned 0x10 [0223.708] SystemFunction040 (in: Memory=0x63f2d4, MemorySize=0x20, OptionFlags=0x0 | out: Memory=0x63f2d4) returned 0x0 [0223.708] SysStringLen (param_1="?_bEpvL{rN$%") returned 0xc [0223.708] SysStringLen (param_1="?_bEpvL{rN$%") returned 0xc [0223.709] send (s=0x634, buf=0x23ae0d4*, len=18, flags=0) returned 18 [0223.709] recv (in: s=0x634, buf=0x23ae598, len=256, flags=0 | out: buf=0x23ae598*) returned 30 [0223.736] send (s=0x634, buf=0x23ae0d4*, len=28, flags=0) returned 28 [0223.737] recv (in: s=0x634, buf=0x23ae598, len=256, flags=0 | out: buf=0x23ae598*) returned 8 [0223.756] send (s=0x634, buf=0x23ae0d4*, len=33, flags=0) returned 33 [0223.756] recv (in: s=0x634, buf=0x23ae598, len=256, flags=0 | out: buf=0x23ae598*) returned 14 [0223.781] send (s=0x634, buf=0x23ae0d4*, len=6, flags=0) returned 6 [0223.782] recv (in: s=0x634, buf=0x23ae598, len=256, flags=0 | out: buf=0x23ae598*) returned 56 [0223.801] CoCreateGuid (in: pguid=0x19f300 | out: pguid=0x19f300*(Data1=0x3d1b1923, Data2=0x2373, Data3=0x4bbe, Data4=([0]=0x81, [1]=0x64, [2]=0xbb, [3]=0xcc, [4]=0x58, [5]=0x63, [6]=0x37, [7]=0x77))) returned 0x0 [0223.803] send (s=0x634, buf=0x23afd08*, len=249, flags=0) returned 249 [0223.805] send (s=0x634, buf=0x23b5ca0*, len=147, flags=0) returned 147 [0223.805] send (s=0x634, buf=0x23b5ca0*, len=43, flags=0) returned 43 [0223.807] send (s=0x634, buf=0x23b5ca0*, len=172, flags=0) returned 172 [0223.809] send (s=0x634, buf=0x23b5ca0*, len=996, flags=0) returned 996 [0223.811] send (s=0x634, buf=0x23b5ca0*, len=167, flags=0) returned 167 [0223.812] send (s=0x634, buf=0x23b5ca0*, len=498, flags=0) returned 498 [0223.812] send (s=0x634, buf=0x23b5ca0*, len=58, flags=0) returned 58 [0223.813] send (s=0x634, buf=0x23afd08*, len=2, flags=0) returned 2 [0223.813] send (s=0x634, buf=0x23ae0d4*, len=5, flags=0) returned 5 [0223.813] recv (in: s=0x634, buf=0x23ae598, len=256, flags=0 | out: buf=0x23ae598*) returned 28 [0223.989] ReleaseSemaphore (in: hSemaphore=0x610, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0223.989] PeekMessageW (in: lpMsg=0x19f85c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x19f85c) returned 0 [0223.989] PeekMessageW (in: lpMsg=0x19f85c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x19f85c) returned 0 [0223.989] WaitMessage () returned 1 [0233.561] PeekMessageW (in: lpMsg=0x19f85c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x19f85c) returned 1 [0233.561] IsWindowUnicode (hWnd=0x701e2) returned 1 [0233.561] GetMessageW (in: lpMsg=0x19f85c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x19f85c) returned 1 [0233.561] TranslateMessage (lpMsg=0x19f85c) returned 0 [0233.561] DispatchMessageW (lpMsg=0x19f85c) returned 0x0 [0233.563] GetUserNameW (in: lpBuffer=0x19f1f0, pcbBuffer=0x19f468 | out: lpBuffer="RDhJ0CNFevzX", pcbBuffer=0x19f468) returned 1 [0233.565] GetUserNameW (in: lpBuffer=0x19f1f0, pcbBuffer=0x19f468 | out: lpBuffer="RDhJ0CNFevzX", pcbBuffer=0x19f468) returned 1 [0233.565] GetUserNameW (in: lpBuffer=0x19f1c0, pcbBuffer=0x19f438 | out: lpBuffer="RDhJ0CNFevzX", pcbBuffer=0x19f438) returned 1 [0233.567] GetUserNameW (in: lpBuffer=0x19f1c0, pcbBuffer=0x19f438 | out: lpBuffer="RDhJ0CNFevzX", pcbBuffer=0x19f438) returned 1 [0233.569] IdnToAscii (in: dwFlags=0x0, lpUnicodeCharStr="xc64ZB", cchUnicodeChar=6, lpASCIICharStr=0x0, cchASCIIChar=0 | out: lpASCIICharStr=0x0) returned 6 [0233.569] IdnToAscii (in: dwFlags=0x0, lpUnicodeCharStr="xc64ZB", cchUnicodeChar=6, lpASCIICharStr=0x23c40f4, cchASCIIChar=6 | out: lpASCIICharStr="xc64ZB") returned 6 [0233.569] SysStringLen (param_1="?_bEpvL{rN$%") returned 0x10 [0233.569] SystemFunction040 (in: Memory=0x63f61c, MemorySize=0x20, OptionFlags=0x0 | out: Memory=0x63f61c) returned 0x0 [0233.570] QueryUnbiasedInterruptTime (in: UnbiasedTime=0x19f354 | out: UnbiasedTime=0x19f354) returned 1 [0233.570] QueryUnbiasedInterruptTime (in: UnbiasedTime=0x19f344 | out: UnbiasedTime=0x19f344) returned 1 [0233.571] send (s=0x634, buf=0x22cce28*, len=6, flags=0) returned 6 [0233.573] recv (in: s=0x634, buf=0x23c45a0, len=80, flags=0 | out: buf=0x23c45a0*) returned 44 [0233.608] shutdown (s=0x634, how=2) returned 0 [0233.609] closesocket (s=0x634) returned 0 [0233.610] ReleaseMutex (hMutex=0x630) returned 1 [0233.610] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x634 [0233.611] WSASocketW (af=23, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x66c [0233.611] WSAConnect (in: s=0x634, name=0x23c4820*(sa_family=2, sin_port=0x24b, sin_addr="178.63.69.174"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0 | out: lpCalleeData=0x0) returned 0 [0233.640] closesocket (s=0x66c) returned 0 [0233.641] setsockopt (s=0x634, level=6, optname=1, optval="\x01", optlen=4) returned 0 [0233.641] recv (in: s=0x634, buf=0x23c4898, len=256, flags=0 | out: buf=0x23c4898*) returned 179 [0233.682] send (s=0x634, buf=0x23c43d4*, len=13, flags=0) returned 13 [0233.682] recv (in: s=0x634, buf=0x23c4898, len=256, flags=0 | out: buf=0x23c4898*) returned 205 [0234.002] send (s=0x634, buf=0x23c43d4*, len=33, flags=0) returned 33 [0234.003] recv (in: s=0x634, buf=0x23c4898, len=256, flags=0 | out: buf=0x23c4898*) returned 18 [0234.024] SysStringLen (param_1="ⴆ蘵쑓ࣆઽៅ怈൸쨒镾틊邈毕즜ᨚ") returned 0x10 [0234.024] SystemFunction041 (in: Memory=0x63f61c, MemorySize=0x20, OptionFlags=0x0 | out: Memory=0x63f61c) returned 0x0 [0234.024] SysStringLen (param_1="?_bEpvL{rN$%") returned 0x10 [0234.024] SystemFunction040 (in: Memory=0x63f61c, MemorySize=0x20, OptionFlags=0x0 | out: Memory=0x63f61c) returned 0x0 [0234.025] SysStringLen (param_1="?_bEpvL{rN$%") returned 0xc [0234.025] SysStringLen (param_1="?_bEpvL{rN$%") returned 0xc [0234.025] send (s=0x634, buf=0x23c43d4*, len=18, flags=0) returned 18 [0234.025] recv (in: s=0x634, buf=0x23c4898, len=256, flags=0 | out: buf=0x23c4898*) returned 30 [0234.055] send (s=0x634, buf=0x23c43d4*, len=28, flags=0) returned 28 [0234.055] recv (in: s=0x634, buf=0x23c4898, len=256, flags=0 | out: buf=0x23c4898*) returned 8 [0234.079] send (s=0x634, buf=0x23c43d4*, len=33, flags=0) returned 33 [0234.079] recv (in: s=0x634, buf=0x23c4898, len=256, flags=0 | out: buf=0x23c4898*) returned 14 [0234.105] send (s=0x634, buf=0x23c43d4*, len=6, flags=0) returned 6 [0234.105] recv (in: s=0x634, buf=0x23c4898, len=256, flags=0 | out: buf=0x23c4898*) returned 56 [0234.145] CoCreateGuid (in: pguid=0x19f300 | out: pguid=0x19f300*(Data1=0x75c51c96, Data2=0xb00b, Data3=0x4999, Data4=([0]=0xb5, [1]=0x69, [2]=0xc0, [3]=0x71, [4]=0xb4, [5]=0x7a, [6]=0x12, [7]=0x1))) returned 0x0 [0234.146] send (s=0x634, buf=0x23c6008*, len=249, flags=0) returned 249 [0234.147] send (s=0x634, buf=0x23cbfa0*, len=147, flags=0) returned 147 [0234.152] send (s=0x634, buf=0x23cbfa0*, len=43, flags=0) returned 43 [0234.156] send (s=0x634, buf=0x23cbfa0*, len=172, flags=0) returned 172 [0234.158] send (s=0x634, buf=0x23cbfa0*, len=996, flags=0) returned 996 [0234.191] send (s=0x634, buf=0x224b17c*, len=167, flags=0) returned 167 [0234.213] send (s=0x634, buf=0x224b17c*, len=498, flags=0) returned 498 [0234.213] send (s=0x634, buf=0x224b17c*, len=58, flags=0) returned 58 [0234.214] send (s=0x634, buf=0x224a398*, len=2, flags=0) returned 2 [0234.214] send (s=0x634, buf=0x2249d9c*, len=5, flags=0) returned 5 [0234.214] recv (in: s=0x634, buf=0x224a074, len=256, flags=0 | out: buf=0x224a074*) returned 28 [0234.254] ReleaseSemaphore (in: hSemaphore=0x610, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0234.254] PeekMessageW (in: lpMsg=0x19f85c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x19f85c) returned 0 [0234.254] PeekMessageW (in: lpMsg=0x19f85c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x19f85c) returned 0 [0234.254] WaitMessage () returned 1 [0243.564] PeekMessageW (in: lpMsg=0x19f85c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x19f85c) returned 1 [0243.564] IsWindowUnicode (hWnd=0x701e2) returned 1 [0243.565] GetMessageW (in: lpMsg=0x19f85c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x19f85c) returned 1 [0243.565] TranslateMessage (lpMsg=0x19f85c) returned 0 [0243.565] DispatchMessageW (lpMsg=0x19f85c) returned 0x0 [0243.568] GetUserNameW (in: lpBuffer=0x19f1f0, pcbBuffer=0x19f468 | out: lpBuffer="RDhJ0CNFevzX", pcbBuffer=0x19f468) returned 1 [0243.572] GetUserNameW (in: lpBuffer=0x19f1f0, pcbBuffer=0x19f468 | out: lpBuffer="RDhJ0CNFevzX", pcbBuffer=0x19f468) returned 1 [0243.573] GetUserNameW (in: lpBuffer=0x19f1c0, pcbBuffer=0x19f438 | out: lpBuffer="RDhJ0CNFevzX", pcbBuffer=0x19f438) returned 1 [0243.575] GetUserNameW (in: lpBuffer=0x19f1c0, pcbBuffer=0x19f438 | out: lpBuffer="RDhJ0CNFevzX", pcbBuffer=0x19f438) returned 1 [0243.577] IdnToAscii (in: dwFlags=0x0, lpUnicodeCharStr="xc64ZB", cchUnicodeChar=6, lpASCIICharStr=0x0, cchASCIIChar=0 | out: lpASCIICharStr=0x0) returned 6 [0243.578] IdnToAscii (in: dwFlags=0x0, lpUnicodeCharStr="xc64ZB", cchUnicodeChar=6, lpASCIICharStr=0x2253eec, cchASCIIChar=6 | out: lpASCIICharStr="xc64ZB") returned 6 [0243.578] SysStringLen (param_1="?_bEpvL{rN$%") returned 0x10 [0243.578] SystemFunction040 (in: Memory=0x63f424, MemorySize=0x20, OptionFlags=0x0 | out: Memory=0x63f424) returned 0x0 [0243.579] QueryUnbiasedInterruptTime (in: UnbiasedTime=0x19f354 | out: UnbiasedTime=0x19f354) returned 1 [0243.579] QueryUnbiasedInterruptTime (in: UnbiasedTime=0x19f344 | out: UnbiasedTime=0x19f344) returned 1 [0243.580] send (s=0x634, buf=0x224597c*, len=6, flags=0) returned 6 [0243.582] recv (in: s=0x634, buf=0x2254398, len=80, flags=0 | out: buf=0x2254398*) returned 44 [0243.609] shutdown (s=0x634, how=2) returned 0 [0243.610] closesocket (s=0x634) returned 0 [0243.611] ReleaseMutex (hMutex=0x630) returned 1 [0243.611] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x634 [0243.612] WSASocketW (af=23, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x664 [0243.613] GetAddrInfoW (in: pNodeName="mail.24310.gr", pServiceName=0x0, pHints=0x19f1a0*(ai_flags=2, ai_family=0, ai_socktype=0, ai_protocol=0, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f148 | out: ppResult=0x19f148*=0x603e40*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname="24310.gr", ai_addr=0x634d68*(sa_family=2, sin_port=0x0, sin_addr="178.63.69.174"), ai_next=0x0)) returned 0 [0243.626] FreeAddrInfoW (pAddrInfo=0x603e40*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname="24310.gr", ai_addr=0x634d68*(sa_family=2, sin_port=0x0, sin_addr="178.63.69.174"), ai_next=0x0)) [0243.627] GetAddrInfoW (in: pNodeName="mail.24310.gr", pServiceName=0x0, pHints=0x19f1a0*(ai_flags=131072, ai_family=0, ai_socktype=0, ai_protocol=0, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f148 | out: ppResult=0x19f148*=0x603b70*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname="mail.24310.gr", ai_addr=0x634db0*(sa_family=2, sin_port=0x0, sin_addr="178.63.69.174"), ai_next=0x0)) returned 0 [0243.631] FreeAddrInfoW (pAddrInfo=0x603b70*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname="mail.24310.gr", ai_addr=0x634db0*(sa_family=2, sin_port=0x0, sin_addr="178.63.69.174"), ai_next=0x0)) [0243.633] WSAConnect (in: s=0x634, name=0x2255200*(sa_family=2, sin_port=0x24b, sin_addr="178.63.69.174"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0 | out: lpCalleeData=0x0) returned 0 [0243.657] closesocket (s=0x664) returned 0 [0243.658] setsockopt (s=0x634, level=6, optname=1, optval="\x01", optlen=4) returned 0 [0243.658] recv (in: s=0x634, buf=0x2255278, len=256, flags=0 | out: buf=0x2255278*) returned 179 [0243.687] send (s=0x634, buf=0x22541cc*, len=13, flags=0) returned 13 [0243.687] recv (in: s=0x634, buf=0x2255278, len=256, flags=0 | out: buf=0x2255278*) returned 205 [0243.712] send (s=0x634, buf=0x22541cc*, len=33, flags=0) returned 33 [0243.713] recv (in: s=0x634, buf=0x2255278, len=256, flags=0 | out: buf=0x2255278*) returned 18 [0243.737] SysStringLen (param_1="ⴆ蘵쑓ࣆઽៅ怈൸쨒镾틊邈毕즜ᨚ") returned 0x10 [0243.737] SystemFunction041 (in: Memory=0x63f424, MemorySize=0x20, OptionFlags=0x0 | out: Memory=0x63f424) returned 0x0 [0243.738] SysStringLen (param_1="?_bEpvL{rN$%") returned 0x10 [0243.738] SystemFunction040 (in: Memory=0x63f424, MemorySize=0x20, OptionFlags=0x0 | out: Memory=0x63f424) returned 0x0 [0243.739] SysStringLen (param_1="?_bEpvL{rN$%") returned 0xc [0243.739] SysStringLen (param_1="?_bEpvL{rN$%") returned 0xc [0243.739] send (s=0x634, buf=0x22541cc*, len=18, flags=0) returned 18 [0243.740] recv (in: s=0x634, buf=0x2255278, len=256, flags=0 | out: buf=0x2255278*) returned 30 [0243.766] send (s=0x634, buf=0x22541cc*, len=28, flags=0) returned 28 [0243.767] recv (in: s=0x634, buf=0x2255278, len=256, flags=0 | out: buf=0x2255278*) returned 8 [0243.792] send (s=0x634, buf=0x22541cc*, len=33, flags=0) returned 33 [0243.793] recv (in: s=0x634, buf=0x2255278, len=256, flags=0 | out: buf=0x2255278*) returned 14 [0243.818] send (s=0x634, buf=0x22541cc*, len=6, flags=0) returned 6 [0243.819] recv (in: s=0x634, buf=0x2255278, len=256, flags=0 | out: buf=0x2255278*) returned 56 [0243.843] CoCreateGuid (in: pguid=0x19f300 | out: pguid=0x19f300*(Data1=0x9a26a25f, Data2=0x5037, Data3=0x4c4b, Data4=([0]=0xac, [1]=0x96, [2]=0xdf, [3]=0x58, [4]=0x7f, [5]=0xbc, [6]=0x74, [7]=0xe1))) returned 0x0 [0243.845] send (s=0x634, buf=0x22569e8*, len=249, flags=0) returned 249 [0243.845] send (s=0x634, buf=0x225cb10*, len=147, flags=0) returned 147 [0243.846] send (s=0x634, buf=0x225cb10*, len=43, flags=0) returned 43 [0243.846] send (s=0x634, buf=0x225cb10*, len=172, flags=0) returned 172 [0243.848] send (s=0x634, buf=0x225cb10*, len=996, flags=0) returned 996 [0243.849] send (s=0x634, buf=0x225cb10*, len=167, flags=0) returned 167 [0243.850] send (s=0x634, buf=0x225cb10*, len=498, flags=0) returned 498 [0243.850] send (s=0x634, buf=0x225cb10*, len=58, flags=0) returned 58 [0243.851] send (s=0x634, buf=0x22569e8*, len=2, flags=0) returned 2 [0243.851] send (s=0x634, buf=0x22541cc*, len=5, flags=0) returned 5 [0243.851] recv (in: s=0x634, buf=0x2255278, len=256, flags=0 | out: buf=0x2255278*) returned 28 [0243.945] ReleaseSemaphore (in: hSemaphore=0x610, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0243.945] PeekMessageW (in: lpMsg=0x19f85c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x19f85c) returned 0 [0243.945] PeekMessageW (in: lpMsg=0x19f85c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x19f85c) returned 0 [0243.945] WaitMessage () returned 1 [0253.565] PeekMessageW (in: lpMsg=0x19f85c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x19f85c) returned 1 [0253.565] IsWindowUnicode (hWnd=0x701e2) returned 1 [0253.565] GetMessageW (in: lpMsg=0x19f85c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x19f85c) returned 1 [0253.565] TranslateMessage (lpMsg=0x19f85c) returned 0 [0253.565] DispatchMessageW (lpMsg=0x19f85c) returned 0x0 [0253.565] GetUserNameW (in: lpBuffer=0x19f1f0, pcbBuffer=0x19f468 | out: lpBuffer="RDhJ0CNFevzX", pcbBuffer=0x19f468) returned 1 [0253.567] GetUserNameW (in: lpBuffer=0x19f1f0, pcbBuffer=0x19f468 | out: lpBuffer="RDhJ0CNFevzX", pcbBuffer=0x19f468) returned 1 [0253.568] GetUserNameW (in: lpBuffer=0x19f1c0, pcbBuffer=0x19f438 | out: lpBuffer="RDhJ0CNFevzX", pcbBuffer=0x19f438) returned 1 [0253.568] GetUserNameW (in: lpBuffer=0x19f1c0, pcbBuffer=0x19f438 | out: lpBuffer="RDhJ0CNFevzX", pcbBuffer=0x19f438) returned 1 [0253.570] IdnToAscii (in: dwFlags=0x0, lpUnicodeCharStr="xc64ZB", cchUnicodeChar=6, lpASCIICharStr=0x0, cchASCIIChar=0 | out: lpASCIICharStr=0x0) returned 6 [0253.571] IdnToAscii (in: dwFlags=0x0, lpUnicodeCharStr="xc64ZB", cchUnicodeChar=6, lpASCIICharStr=0x226af64, cchASCIIChar=6 | out: lpASCIICharStr="xc64ZB") returned 6 [0253.571] SysStringLen (param_1="?_bEpvL{rN$%") returned 0x10 [0253.571] SystemFunction040 (in: Memory=0x63f45c, MemorySize=0x20, OptionFlags=0x0 | out: Memory=0x63f45c) returned 0x0 [0253.571] QueryUnbiasedInterruptTime (in: UnbiasedTime=0x19f354 | out: UnbiasedTime=0x19f354) returned 1 [0253.571] QueryUnbiasedInterruptTime (in: UnbiasedTime=0x19f344 | out: UnbiasedTime=0x19f344) returned 1 [0253.572] send (s=0x634, buf=0x224597c*, len=6, flags=0) returned 6 [0253.573] recv (in: s=0x634, buf=0x226b410, len=80, flags=0 | out: buf=0x226b410*) returned 44 [0253.598] shutdown (s=0x634, how=2) returned 0 [0253.598] closesocket (s=0x634) returned 0 [0253.598] ReleaseMutex (hMutex=0x630) returned 1 [0253.599] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x634 [0253.599] WSASocketW (af=23, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x664 [0253.599] WSAConnect (in: s=0x634, name=0x226b690*(sa_family=2, sin_port=0x24b, sin_addr="178.63.69.174"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0 | out: lpCalleeData=0x0) returned 0 [0253.627] closesocket (s=0x664) returned 0 [0253.627] setsockopt (s=0x634, level=6, optname=1, optval="\x01", optlen=4) returned 0 [0253.627] recv (in: s=0x634, buf=0x226b708, len=256, flags=0 | out: buf=0x226b708*) returned 179 [0253.650] send (s=0x634, buf=0x226b244*, len=13, flags=0) returned 13 [0253.650] recv (in: s=0x634, buf=0x226b708, len=256, flags=0 | out: buf=0x226b708*) returned 205 [0253.674] send (s=0x634, buf=0x226b244*, len=33, flags=0) returned 33 [0253.675] recv (in: s=0x634, buf=0x226b708, len=256, flags=0 | out: buf=0x226b708*) returned 18 [0253.696] SysStringLen (param_1="ⴆ蘵쑓ࣆઽៅ怈൸쨒镾틊邈毕즜ᨚ") returned 0x10 [0253.696] SystemFunction041 (in: Memory=0x63f45c, MemorySize=0x20, OptionFlags=0x0 | out: Memory=0x63f45c) returned 0x0 [0253.696] SysStringLen (param_1="?_bEpvL{rN$%") returned 0x10 [0253.696] SystemFunction040 (in: Memory=0x63f45c, MemorySize=0x20, OptionFlags=0x0 | out: Memory=0x63f45c) returned 0x0 [0253.696] SysStringLen (param_1="?_bEpvL{rN$%") returned 0xc [0253.696] SysStringLen (param_1="?_bEpvL{rN$%") returned 0xc [0253.697] send (s=0x634, buf=0x226b244*, len=18, flags=0) returned 18 [0253.697] recv (in: s=0x634, buf=0x226b708, len=256, flags=0 | out: buf=0x226b708*) returned 30 [0253.722] send (s=0x634, buf=0x226b244*, len=28, flags=0) returned 28 [0253.723] recv (in: s=0x634, buf=0x226b708, len=256, flags=0 | out: buf=0x226b708*) returned 8 [0253.744] send (s=0x634, buf=0x226b244*, len=33, flags=0) returned 33 [0253.745] recv (in: s=0x634, buf=0x226b708, len=256, flags=0 | out: buf=0x226b708*) returned 14 [0253.766] send (s=0x634, buf=0x226b244*, len=6, flags=0) returned 6 [0253.766] recv (in: s=0x634, buf=0x226b708, len=256, flags=0 | out: buf=0x226b708*) returned 56 [0253.789] CoCreateGuid (in: pguid=0x19f300 | out: pguid=0x19f300*(Data1=0xc4259863, Data2=0x8664, Data3=0x4994, Data4=([0]=0x9e, [1]=0xe0, [2]=0xf, [3]=0xf8, [4]=0x5a, [5]=0x2f, [6]=0x8b, [7]=0x5d))) returned 0x0 [0253.790] send (s=0x634, buf=0x226ce78*, len=249, flags=0) returned 249 [0253.791] send (s=0x634, buf=0x2272e10*, len=147, flags=0) returned 147 [0253.791] send (s=0x634, buf=0x2272e10*, len=43, flags=0) returned 43 [0253.792] send (s=0x634, buf=0x2272e10*, len=172, flags=0) returned 172 [0253.793] send (s=0x634, buf=0x2272e10*, len=996, flags=0) returned 996 [0253.794] send (s=0x634, buf=0x2272e10*, len=167, flags=0) returned 167 [0253.795] send (s=0x634, buf=0x2272e10*, len=498, flags=0) returned 498 [0253.799] send (s=0x634, buf=0x2272e10*, len=58, flags=0) returned 58 [0253.800] send (s=0x634, buf=0x226ce78*, len=2, flags=0) returned 2 [0253.800] send (s=0x634, buf=0x226b244*, len=5, flags=0) returned 5 [0253.800] recv (in: s=0x634, buf=0x226b708, len=256, flags=0 | out: buf=0x226b708*) returned 28 [0253.842] ReleaseSemaphore (in: hSemaphore=0x610, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0253.842] PeekMessageW (in: lpMsg=0x19f85c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x19f85c) returned 0 [0253.842] PeekMessageW (in: lpMsg=0x19f85c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x19f85c) returned 0 [0253.842] WaitMessage () returned 1 [0263.566] PeekMessageW (in: lpMsg=0x19f85c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x19f85c) returned 1 [0263.567] IsWindowUnicode (hWnd=0x701e2) returned 1 [0263.567] GetMessageW (in: lpMsg=0x19f85c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x19f85c) returned 1 [0263.567] TranslateMessage (lpMsg=0x19f85c) returned 0 [0263.567] DispatchMessageW (lpMsg=0x19f85c) returned 0x0 [0263.568] GetUserNameW (in: lpBuffer=0x19f1f0, pcbBuffer=0x19f468 | out: lpBuffer="RDhJ0CNFevzX", pcbBuffer=0x19f468) returned 1 [0263.571] GetUserNameW (in: lpBuffer=0x19f1f0, pcbBuffer=0x19f468 | out: lpBuffer="RDhJ0CNFevzX", pcbBuffer=0x19f468) returned 1 [0263.572] GetUserNameW (in: lpBuffer=0x19f1c0, pcbBuffer=0x19f438 | out: lpBuffer="RDhJ0CNFevzX", pcbBuffer=0x19f438) returned 1 [0263.572] GetUserNameW (in: lpBuffer=0x19f1c0, pcbBuffer=0x19f438 | out: lpBuffer="RDhJ0CNFevzX", pcbBuffer=0x19f438) returned 1 [0263.574] IdnToAscii (in: dwFlags=0x0, lpUnicodeCharStr="xc64ZB", cchUnicodeChar=6, lpASCIICharStr=0x0, cchASCIIChar=0 | out: lpASCIICharStr=0x0) returned 6 [0263.574] IdnToAscii (in: dwFlags=0x0, lpUnicodeCharStr="xc64ZB", cchUnicodeChar=6, lpASCIICharStr=0x2281264, cchASCIIChar=6 | out: lpASCIICharStr="xc64ZB") returned 6 [0263.575] SysStringLen (param_1="?_bEpvL{rN$%") returned 0x10 [0263.575] SystemFunction040 (in: Memory=0x63f68c, MemorySize=0x20, OptionFlags=0x0 | out: Memory=0x63f68c) returned 0x0 [0263.576] QueryUnbiasedInterruptTime (in: UnbiasedTime=0x19f354 | out: UnbiasedTime=0x19f354) returned 1 [0263.576] QueryUnbiasedInterruptTime (in: UnbiasedTime=0x19f344 | out: UnbiasedTime=0x19f344) returned 1 [0263.577] send (s=0x634, buf=0x224597c*, len=6, flags=0) returned 6 [0263.578] recv (in: s=0x634, buf=0x2281710, len=80, flags=0 | out: buf=0x2281710*) returned 44 [0263.605] shutdown (s=0x634, how=2) returned 0 [0263.605] closesocket (s=0x634) returned 0 [0263.606] ReleaseMutex (hMutex=0x630) returned 1 [0263.606] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x634 [0263.607] WSASocketW (af=23, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x664 [0263.607] WSAConnect (in: s=0x634, name=0x2281990*(sa_family=2, sin_port=0x24b, sin_addr="178.63.69.174"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0 | out: lpCalleeData=0x0) returned 0 [0263.645] closesocket (s=0x664) returned 0 [0263.646] setsockopt (s=0x634, level=6, optname=1, optval="\x01", optlen=4) returned 0 [0263.646] recv (in: s=0x634, buf=0x2281a08, len=256, flags=0 | out: buf=0x2281a08*) returned 179 [0263.676] send (s=0x634, buf=0x2281544*, len=13, flags=0) returned 13 [0263.677] recv (in: s=0x634, buf=0x2281a08, len=256, flags=0 | out: buf=0x2281a08*) returned 205 [0263.700] send (s=0x634, buf=0x2281544*, len=33, flags=0) returned 33 [0263.700] recv (in: s=0x634, buf=0x2281a08, len=256, flags=0 | out: buf=0x2281a08*) returned 18 [0263.722] SysStringLen (param_1="ⴆ蘵쑓ࣆઽៅ怈൸쨒镾틊邈毕즜ᨚ") returned 0x10 [0263.722] SystemFunction041 (in: Memory=0x63f68c, MemorySize=0x20, OptionFlags=0x0 | out: Memory=0x63f68c) returned 0x0 [0263.722] SysStringLen (param_1="?_bEpvL{rN$%") returned 0x10 [0263.722] SystemFunction040 (in: Memory=0x63f68c, MemorySize=0x20, OptionFlags=0x0 | out: Memory=0x63f68c) returned 0x0 [0263.722] SysStringLen (param_1="?_bEpvL{rN$%") returned 0xc [0263.722] SysStringLen (param_1="?_bEpvL{rN$%") returned 0xc [0263.722] send (s=0x634, buf=0x2281544*, len=18, flags=0) returned 18 [0263.723] recv (in: s=0x634, buf=0x2281a08, len=256, flags=0 | out: buf=0x2281a08*) returned 30 [0263.760] send (s=0x634, buf=0x2281544*, len=28, flags=0) returned 28 [0263.760] recv (in: s=0x634, buf=0x2281a08, len=256, flags=0 | out: buf=0x2281a08*) returned 8 [0263.782] send (s=0x634, buf=0x2281544*, len=33, flags=0) returned 33 [0263.782] recv (in: s=0x634, buf=0x2281a08, len=256, flags=0 | out: buf=0x2281a08*) returned 14 [0263.814] send (s=0x634, buf=0x2281544*, len=6, flags=0) returned 6 [0263.814] recv (in: s=0x634, buf=0x2281a08, len=256, flags=0 | out: buf=0x2281a08*) returned 56 [0263.841] CoCreateGuid (in: pguid=0x19f300 | out: pguid=0x19f300*(Data1=0xc520ffff, Data2=0xa54b, Data3=0x4b2e, Data4=([0]=0x80, [1]=0x39, [2]=0xa7, [3]=0x6f, [4]=0x15, [5]=0x65, [6]=0x95, [7]=0xd7))) returned 0x0 [0263.842] send (s=0x634, buf=0x2283178*, len=249, flags=0) returned 249 [0263.843] send (s=0x634, buf=0x228910c*, len=147, flags=0) returned 147 [0263.843] send (s=0x634, buf=0x228910c*, len=43, flags=0) returned 43 [0263.844] send (s=0x634, buf=0x228910c*, len=172, flags=0) returned 172 [0263.845] send (s=0x634, buf=0x228910c*, len=996, flags=0) returned 996 [0263.846] send (s=0x634, buf=0x228910c*, len=167, flags=0) returned 167 [0263.846] send (s=0x634, buf=0x228910c*, len=498, flags=0) returned 498 [0263.847] send (s=0x634, buf=0x228910c*, len=58, flags=0) returned 58 [0263.847] send (s=0x634, buf=0x2283178*, len=2, flags=0) returned 2 [0263.847] send (s=0x634, buf=0x2281544*, len=5, flags=0) returned 5 [0263.847] recv (in: s=0x634, buf=0x2281a08, len=256, flags=0 | out: buf=0x2281a08*) returned 28 [0264.020] ReleaseSemaphore (in: hSemaphore=0x610, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0264.021] PeekMessageW (in: lpMsg=0x19f85c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x19f85c) returned 0 [0264.021] PeekMessageW (in: lpMsg=0x19f85c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x19f85c) returned 0 [0264.021] WaitMessage () returned 1 [0273.569] PeekMessageW (in: lpMsg=0x19f85c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x19f85c) returned 1 [0273.569] IsWindowUnicode (hWnd=0x701e2) returned 1 [0273.569] GetMessageW (in: lpMsg=0x19f85c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x19f85c) returned 1 [0273.569] TranslateMessage (lpMsg=0x19f85c) returned 0 [0273.569] DispatchMessageW (lpMsg=0x19f85c) returned 0x0 [0273.571] GetUserNameW (in: lpBuffer=0x19f1f0, pcbBuffer=0x19f468 | out: lpBuffer="RDhJ0CNFevzX", pcbBuffer=0x19f468) returned 1 [0273.572] GetUserNameW (in: lpBuffer=0x19f1f0, pcbBuffer=0x19f468 | out: lpBuffer="RDhJ0CNFevzX", pcbBuffer=0x19f468) returned 1 [0273.573] GetUserNameW (in: lpBuffer=0x19f1c0, pcbBuffer=0x19f438 | out: lpBuffer="RDhJ0CNFevzX", pcbBuffer=0x19f438) returned 1 [0273.574] GetUserNameW (in: lpBuffer=0x19f1c0, pcbBuffer=0x19f438 | out: lpBuffer="RDhJ0CNFevzX", pcbBuffer=0x19f438) returned 1 [0273.576] IdnToAscii (in: dwFlags=0x0, lpUnicodeCharStr="xc64ZB", cchUnicodeChar=6, lpASCIICharStr=0x0, cchASCIIChar=0 | out: lpASCIICharStr=0x0) returned 6 [0273.576] IdnToAscii (in: dwFlags=0x0, lpUnicodeCharStr="xc64ZB", cchUnicodeChar=6, lpASCIICharStr=0x22975b0, cchASCIIChar=6 | out: lpASCIICharStr="xc64ZB") returned 6 [0273.576] SysStringLen (param_1="?_bEpvL{rN$%") returned 0x10 [0273.576] SystemFunction040 (in: Memory=0x63f2d4, MemorySize=0x20, OptionFlags=0x0 | out: Memory=0x63f2d4) returned 0x0 [0273.576] QueryUnbiasedInterruptTime (in: UnbiasedTime=0x19f354 | out: UnbiasedTime=0x19f354) returned 1 [0273.576] QueryUnbiasedInterruptTime (in: UnbiasedTime=0x19f344 | out: UnbiasedTime=0x19f344) returned 1 [0273.577] send (s=0x634, buf=0x224597c*, len=6, flags=0) returned 6 [0273.578] recv (in: s=0x634, buf=0x2297a5c, len=80, flags=0 | out: buf=0x2297a5c*) returned 44 [0273.605] shutdown (s=0x634, how=2) returned 0 [0273.605] closesocket (s=0x634) returned 0 [0273.606] ReleaseMutex (hMutex=0x630) returned 1 [0273.606] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x634 [0273.607] WSASocketW (af=23, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x664 [0273.608] WSAConnect (in: s=0x634, name=0x2297cdc*(sa_family=2, sin_port=0x24b, sin_addr="178.63.69.174"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0 | out: lpCalleeData=0x0) returned 0 [0273.635] closesocket (s=0x664) returned 0 [0273.635] setsockopt (s=0x634, level=6, optname=1, optval="\x01", optlen=4) returned 0 [0273.636] recv (in: s=0x634, buf=0x2297d54, len=256, flags=0 | out: buf=0x2297d54*) returned 179 [0273.665] send (s=0x634, buf=0x2297890*, len=13, flags=0) returned 13 [0273.666] recv (in: s=0x634, buf=0x2297d54, len=256, flags=0 | out: buf=0x2297d54*) returned 205 [0273.690] send (s=0x634, buf=0x2297890*, len=33, flags=0) returned 33 [0273.691] recv (in: s=0x634, buf=0x2297d54, len=256, flags=0 | out: buf=0x2297d54*) returned 18 [0273.712] SysStringLen (param_1="ⴆ蘵쑓ࣆઽៅ怈൸쨒镾틊邈毕즜ᨚ") returned 0x10 [0273.712] SystemFunction041 (in: Memory=0x63f2d4, MemorySize=0x20, OptionFlags=0x0 | out: Memory=0x63f2d4) returned 0x0 [0273.712] SysStringLen (param_1="?_bEpvL{rN$%") returned 0x10 [0273.712] SystemFunction040 (in: Memory=0x63f2d4, MemorySize=0x20, OptionFlags=0x0 | out: Memory=0x63f2d4) returned 0x0 [0273.712] SysStringLen (param_1="?_bEpvL{rN$%") returned 0xc [0273.712] SysStringLen (param_1="?_bEpvL{rN$%") returned 0xc [0273.713] send (s=0x634, buf=0x2297890*, len=18, flags=0) returned 18 [0273.713] recv (in: s=0x634, buf=0x2297d54, len=256, flags=0 | out: buf=0x2297d54*) returned 30 [0273.742] send (s=0x634, buf=0x2297890*, len=28, flags=0) returned 28 [0273.743] recv (in: s=0x634, buf=0x2297d54, len=256, flags=0 | out: buf=0x2297d54*) returned 8 [0273.764] send (s=0x634, buf=0x2297890*, len=33, flags=0) returned 33 [0273.765] recv (in: s=0x634, buf=0x2297d54, len=256, flags=0 | out: buf=0x2297d54*) returned 14 [0273.786] send (s=0x634, buf=0x2297890*, len=6, flags=0) returned 6 [0273.786] recv (in: s=0x634, buf=0x2297d54, len=256, flags=0 | out: buf=0x2297d54*) returned 56 [0273.808] CoCreateGuid (in: pguid=0x19f300 | out: pguid=0x19f300*(Data1=0x63b00040, Data2=0x68b1, Data3=0x4f30, Data4=([0]=0xa9, [1]=0xec, [2]=0x50, [3]=0x5f, [4]=0x31, [5]=0x13, [6]=0x51, [7]=0x95))) returned 0x0 [0273.809] send (s=0x634, buf=0x22994c4*, len=249, flags=0) returned 249 [0273.810] send (s=0x634, buf=0x229f45c*, len=147, flags=0) returned 147 [0273.810] send (s=0x634, buf=0x229f45c*, len=43, flags=0) returned 43 [0273.811] send (s=0x634, buf=0x229f45c*, len=172, flags=0) returned 172 [0273.812] send (s=0x634, buf=0x229f45c*, len=996, flags=0) returned 996 [0273.812] send (s=0x634, buf=0x229f45c*, len=167, flags=0) returned 167 [0273.813] send (s=0x634, buf=0x229f45c*, len=498, flags=0) returned 498 [0273.813] send (s=0x634, buf=0x229f45c*, len=58, flags=0) returned 58 [0273.813] send (s=0x634, buf=0x22994c4*, len=2, flags=0) returned 2 [0273.813] send (s=0x634, buf=0x2297890*, len=5, flags=0) returned 5 [0273.813] recv (in: s=0x634, buf=0x2297d54, len=256, flags=0 | out: buf=0x2297d54*) returned 28 [0273.854] ReleaseSemaphore (in: hSemaphore=0x610, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0273.855] PeekMessageW (in: lpMsg=0x19f85c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x19f85c) returned 0 [0273.855] PeekMessageW (in: lpMsg=0x19f85c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x19f85c) returned 0 [0273.855] WaitMessage () returned 1 [0283.565] PeekMessageW (in: lpMsg=0x19f85c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x19f85c) returned 1 [0283.566] IsWindowUnicode (hWnd=0x701e2) returned 1 [0283.566] GetMessageW (in: lpMsg=0x19f85c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x19f85c) returned 1 [0283.566] TranslateMessage (lpMsg=0x19f85c) returned 0 [0283.566] DispatchMessageW (lpMsg=0x19f85c) returned 0x0 [0283.566] GetUserNameW (in: lpBuffer=0x19f1f0, pcbBuffer=0x19f468 | out: lpBuffer="RDhJ0CNFevzX", pcbBuffer=0x19f468) returned 1 [0283.568] GetUserNameW (in: lpBuffer=0x19f1f0, pcbBuffer=0x19f468 | out: lpBuffer="RDhJ0CNFevzX", pcbBuffer=0x19f468) returned 1 [0283.568] GetUserNameW (in: lpBuffer=0x19f1c0, pcbBuffer=0x19f438 | out: lpBuffer="RDhJ0CNFevzX", pcbBuffer=0x19f438) returned 1 [0283.569] GetUserNameW (in: lpBuffer=0x19f1c0, pcbBuffer=0x19f438 | out: lpBuffer="RDhJ0CNFevzX", pcbBuffer=0x19f438) returned 1 [0283.569] IdnToAscii (in: dwFlags=0x0, lpUnicodeCharStr="xc64ZB", cchUnicodeChar=6, lpASCIICharStr=0x0, cchASCIIChar=0 | out: lpASCIICharStr=0x0) returned 6 [0283.569] IdnToAscii (in: dwFlags=0x0, lpUnicodeCharStr="xc64ZB", cchUnicodeChar=6, lpASCIICharStr=0x22ad8b0, cchASCIIChar=6 | out: lpASCIICharStr="xc64ZB") returned 6 [0283.570] SysStringLen (param_1="?_bEpvL{rN$%") returned 0x10 [0283.570] SystemFunction040 (in: Memory=0x63f494, MemorySize=0x20, OptionFlags=0x0 | out: Memory=0x63f494) returned 0x0 [0283.570] QueryUnbiasedInterruptTime (in: UnbiasedTime=0x19f354 | out: UnbiasedTime=0x19f354) returned 1 [0283.570] QueryUnbiasedInterruptTime (in: UnbiasedTime=0x19f344 | out: UnbiasedTime=0x19f344) returned 1 [0283.571] send (s=0x634, buf=0x224597c*, len=6, flags=0) returned 6 [0283.572] recv (in: s=0x634, buf=0x22add5c, len=80, flags=0 | out: buf=0x22add5c*) returned 44 [0283.598] shutdown (s=0x634, how=2) returned 0 [0283.598] closesocket (s=0x634) returned 0 [0283.599] ReleaseMutex (hMutex=0x630) returned 1 [0283.600] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x634 [0283.601] WSASocketW (af=23, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x664 [0283.601] WSAConnect (in: s=0x634, name=0x22adfdc*(sa_family=2, sin_port=0x24b, sin_addr="178.63.69.174"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0 | out: lpCalleeData=0x0) returned 0 [0283.627] closesocket (s=0x664) returned 0 [0283.627] setsockopt (s=0x634, level=6, optname=1, optval="\x01", optlen=4) returned 0 [0283.627] recv (in: s=0x634, buf=0x22ae054, len=256, flags=0 | out: buf=0x22ae054*) returned 179 [0283.653] send (s=0x634, buf=0x22adb90*, len=13, flags=0) returned 13 [0283.653] recv (in: s=0x634, buf=0x22ae054, len=256, flags=0 | out: buf=0x22ae054*) returned 205 [0283.679] send (s=0x634, buf=0x22adb90*, len=33, flags=0) returned 33 [0283.679] recv (in: s=0x634, buf=0x22ae054, len=256, flags=0 | out: buf=0x22ae054*) returned 18 [0283.698] SysStringLen (param_1="ⴆ蘵쑓ࣆઽៅ怈൸쨒镾틊邈毕즜ᨚ") returned 0x10 [0283.699] SystemFunction041 (in: Memory=0x63f494, MemorySize=0x20, OptionFlags=0x0 | out: Memory=0x63f494) returned 0x0 [0283.699] SysStringLen (param_1="?_bEpvL{rN$%") returned 0x10 [0283.699] SystemFunction040 (in: Memory=0x63f494, MemorySize=0x20, OptionFlags=0x0 | out: Memory=0x63f494) returned 0x0 [0283.699] SysStringLen (param_1="?_bEpvL{rN$%") returned 0xc [0283.699] SysStringLen (param_1="?_bEpvL{rN$%") returned 0xc [0283.699] send (s=0x634, buf=0x22adb90*, len=18, flags=0) returned 18 [0283.700] recv (in: s=0x634, buf=0x22ae054, len=256, flags=0 | out: buf=0x22ae054*) returned 30 [0283.724] send (s=0x634, buf=0x22adb90*, len=28, flags=0) returned 28 [0283.725] recv (in: s=0x634, buf=0x22ae054, len=256, flags=0 | out: buf=0x22ae054*) returned 8 [0283.743] send (s=0x634, buf=0x22adb90*, len=33, flags=0) returned 33 [0283.743] recv (in: s=0x634, buf=0x22ae054, len=256, flags=0 | out: buf=0x22ae054*) returned 14 [0283.773] send (s=0x634, buf=0x22adb90*, len=6, flags=0) returned 6 [0283.773] recv (in: s=0x634, buf=0x22ae054, len=256, flags=0 | out: buf=0x22ae054*) returned 56 [0283.795] CoCreateGuid (in: pguid=0x19f300 | out: pguid=0x19f300*(Data1=0x4ce0c734, Data2=0x3d37, Data3=0x4360, Data4=([0]=0xa6, [1]=0x1, [2]=0x32, [3]=0x68, [4]=0x6f, [5]=0x22, [6]=0x1d, [7]=0xf6))) returned 0x0 [0283.796] send (s=0x634, buf=0x22af7c4*, len=249, flags=0) returned 249 [0283.797] send (s=0x634, buf=0x22b575c*, len=147, flags=0) returned 147 [0283.798] send (s=0x634, buf=0x22b575c*, len=43, flags=0) returned 43 [0283.798] send (s=0x634, buf=0x22b575c*, len=172, flags=0) returned 172 [0283.799] send (s=0x634, buf=0x22b575c*, len=996, flags=0) returned 996 [0283.800] send (s=0x634, buf=0x22b575c*, len=167, flags=0) returned 167 [0283.800] send (s=0x634, buf=0x22b575c*, len=498, flags=0) returned 498 [0283.800] send (s=0x634, buf=0x22b575c*, len=58, flags=0) returned 58 [0283.801] send (s=0x634, buf=0x22af7c4*, len=2, flags=0) returned 2 [0283.801] send (s=0x634, buf=0x22adb90*, len=5, flags=0) returned 5 [0283.801] recv (in: s=0x634, buf=0x22ae054, len=256, flags=0 | out: buf=0x22ae054*) returned 28 [0283.926] ReleaseSemaphore (in: hSemaphore=0x610, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0283.926] PeekMessageW (in: lpMsg=0x19f85c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x19f85c) returned 0 [0283.926] PeekMessageW (in: lpMsg=0x19f85c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x19f85c) returned 0 [0283.926] WaitMessage () returned 1 [0293.561] PeekMessageW (in: lpMsg=0x19f85c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x19f85c) returned 1 [0293.561] IsWindowUnicode (hWnd=0x701e2) returned 1 [0293.561] GetMessageW (in: lpMsg=0x19f85c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x19f85c) returned 1 [0293.561] TranslateMessage (lpMsg=0x19f85c) returned 0 [0293.561] DispatchMessageW (lpMsg=0x19f85c) returned 0x0 [0293.561] GetUserNameW (in: lpBuffer=0x19f1f0, pcbBuffer=0x19f468 | out: lpBuffer="RDhJ0CNFevzX", pcbBuffer=0x19f468) returned 1 [0293.563] GetUserNameW (in: lpBuffer=0x19f1f0, pcbBuffer=0x19f468 | out: lpBuffer="RDhJ0CNFevzX", pcbBuffer=0x19f468) returned 1 [0293.564] GetUserNameW (in: lpBuffer=0x19f1c0, pcbBuffer=0x19f438 | out: lpBuffer="RDhJ0CNFevzX", pcbBuffer=0x19f438) returned 1 [0293.564] GetUserNameW (in: lpBuffer=0x19f1c0, pcbBuffer=0x19f438 | out: lpBuffer="RDhJ0CNFevzX", pcbBuffer=0x19f438) returned 1 [0293.565] IdnToAscii (in: dwFlags=0x0, lpUnicodeCharStr="xc64ZB", cchUnicodeChar=6, lpASCIICharStr=0x0, cchASCIIChar=0 | out: lpASCIICharStr=0x0) returned 6 [0293.565] IdnToAscii (in: dwFlags=0x0, lpUnicodeCharStr="xc64ZB", cchUnicodeChar=6, lpASCIICharStr=0x22c3bb0, cchASCIIChar=6 | out: lpASCIICharStr="xc64ZB") returned 6 [0293.565] SysStringLen (param_1="?_bEpvL{rN$%") returned 0x10 [0293.565] SystemFunction040 (in: Memory=0x63f6c4, MemorySize=0x20, OptionFlags=0x0 | out: Memory=0x63f6c4) returned 0x0 [0293.566] QueryUnbiasedInterruptTime (in: UnbiasedTime=0x19f354 | out: UnbiasedTime=0x19f354) returned 1 [0293.566] QueryUnbiasedInterruptTime (in: UnbiasedTime=0x19f344 | out: UnbiasedTime=0x19f344) returned 1 [0293.566] send (s=0x634, buf=0x224597c*, len=6, flags=0) returned 6 [0293.567] recv (in: s=0x634, buf=0x22c405c, len=80, flags=0 | out: buf=0x22c405c*) returned 44 [0293.589] shutdown (s=0x634, how=2) returned 0 [0293.589] closesocket (s=0x634) returned 0 [0293.589] ReleaseMutex (hMutex=0x630) returned 1 [0293.589] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x634 [0293.590] WSASocketW (af=23, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x664 [0293.591] WSAConnect (in: s=0x634, name=0x22c42dc*(sa_family=2, sin_port=0x24b, sin_addr="178.63.69.174"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0 | out: lpCalleeData=0x0) returned 0 [0293.619] closesocket (s=0x664) returned 0 [0293.619] setsockopt (s=0x634, level=6, optname=1, optval="\x01", optlen=4) returned 0 [0293.619] recv (in: s=0x634, buf=0x22c4354, len=256, flags=0 | out: buf=0x22c4354*) returned 179 [0293.643] send (s=0x634, buf=0x22c3e90*, len=13, flags=0) returned 13 [0293.643] recv (in: s=0x634, buf=0x22c4354, len=256, flags=0 | out: buf=0x22c4354*) returned 205 [0293.668] send (s=0x634, buf=0x22c3e90*, len=33, flags=0) returned 33 [0293.669] recv (in: s=0x634, buf=0x22c4354, len=256, flags=0 | out: buf=0x22c4354*) returned 18 [0293.687] SysStringLen (param_1="ⴆ蘵쑓ࣆઽៅ怈൸쨒镾틊邈毕즜ᨚ") returned 0x10 [0293.687] SystemFunction041 (in: Memory=0x63f6c4, MemorySize=0x20, OptionFlags=0x0 | out: Memory=0x63f6c4) returned 0x0 [0293.687] SysStringLen (param_1="?_bEpvL{rN$%") returned 0x10 [0293.687] SystemFunction040 (in: Memory=0x63f6c4, MemorySize=0x20, OptionFlags=0x0 | out: Memory=0x63f6c4) returned 0x0 [0293.688] SysStringLen (param_1="?_bEpvL{rN$%") returned 0xc [0293.688] SysStringLen (param_1="?_bEpvL{rN$%") returned 0xc [0293.688] send (s=0x634, buf=0x22c3e90*, len=18, flags=0) returned 18 [0293.688] recv (in: s=0x634, buf=0x22c4354, len=256, flags=0 | out: buf=0x22c4354*) returned 30 [0293.712] send (s=0x634, buf=0x22c3e90*, len=28, flags=0) returned 28 [0293.713] recv (in: s=0x634, buf=0x22c4354, len=256, flags=0 | out: buf=0x22c4354*) returned 8 [0293.734] send (s=0x634, buf=0x22c3e90*, len=33, flags=0) returned 33 [0293.734] recv (in: s=0x634, buf=0x22c4354, len=256, flags=0 | out: buf=0x22c4354*) returned 14 [0293.764] send (s=0x634, buf=0x22c3e90*, len=6, flags=0) returned 6 [0293.764] recv (in: s=0x634, buf=0x22c4354, len=256, flags=0 | out: buf=0x22c4354*) returned 56 [0293.787] CoCreateGuid (in: pguid=0x19f300 | out: pguid=0x19f300*(Data1=0xe7ac6d31, Data2=0x11bc, Data3=0x43e2, Data4=([0]=0x99, [1]=0xb, [2]=0x52, [3]=0xfe, [4]=0x1f, [5]=0x73, [6]=0xdc, [7]=0xcb))) returned 0x0 [0293.788] send (s=0x634, buf=0x22c5ac4*, len=249, flags=0) returned 249 [0293.789] send (s=0x634, buf=0x22cba5c*, len=147, flags=0) returned 147 [0293.789] send (s=0x634, buf=0x22cba5c*, len=43, flags=0) returned 43 [0293.789] send (s=0x634, buf=0x22cba5c*, len=172, flags=0) returned 172 [0293.790] send (s=0x634, buf=0x22cba5c*, len=996, flags=0) returned 996 [0293.792] send (s=0x634, buf=0x22cba5c*, len=167, flags=0) returned 167 [0293.792] send (s=0x634, buf=0x22cba5c*, len=498, flags=0) returned 498 [0293.793] send (s=0x634, buf=0x22cba5c*, len=58, flags=0) returned 58 [0293.793] send (s=0x634, buf=0x22c5ac4*, len=2, flags=0) returned 2 [0293.793] send (s=0x634, buf=0x22c3e90*, len=5, flags=0) returned 5 [0293.793] recv (in: s=0x634, buf=0x22c4354, len=256, flags=0 | out: buf=0x22c4354*) returned 28 [0293.841] ReleaseSemaphore (in: hSemaphore=0x610, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0293.841] PeekMessageW (in: lpMsg=0x19f85c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x19f85c) returned 0 [0293.841] PeekMessageW (in: lpMsg=0x19f85c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x19f85c) returned 0 [0293.841] WaitMessage () returned 1 [0303.561] PeekMessageW (in: lpMsg=0x19f85c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x19f85c) returned 1 [0303.563] IsWindowUnicode (hWnd=0x701e2) returned 1 [0303.563] GetMessageW (in: lpMsg=0x19f85c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x19f85c) returned 1 [0303.564] TranslateMessage (lpMsg=0x19f85c) returned 0 [0303.564] DispatchMessageW (lpMsg=0x19f85c) [0303.565] GetUserNameW (in: lpBuffer=0x19f1f0, pcbBuffer=0x19f468 | out: lpBuffer="RDhJ0CNFevzX", pcbBuffer=0x19f468) returned 1 [0303.568] GetUserNameW (in: lpBuffer=0x19f1f0, pcbBuffer=0x19f468 | out: lpBuffer="RDhJ0CNFevzX", pcbBuffer=0x19f468) returned 1 [0303.568] GetUserNameW (in: lpBuffer=0x19f1c0, pcbBuffer=0x19f438 | out: lpBuffer="RDhJ0CNFevzX", pcbBuffer=0x19f438) returned 1 [0303.569] GetUserNameW (in: lpBuffer=0x19f1c0, pcbBuffer=0x19f438 | out: lpBuffer="RDhJ0CNFevzX", pcbBuffer=0x19f438) returned 1 [0303.571] IdnToAscii (in: dwFlags=0x0, lpUnicodeCharStr="xc64ZB", cchUnicodeChar=6, lpASCIICharStr=0x0, cchASCIIChar=0 | out: lpASCIICharStr=0x0) returned 6 [0303.571] IdnToAscii (in: dwFlags=0x0, lpUnicodeCharStr="xc64ZB", cchUnicodeChar=6, lpASCIICharStr=0x22d9eb0, cchASCIIChar=6 | out: lpASCIICharStr="xc64ZB") returned 6 [0303.571] SysStringLen (param_1="?_bEpvL{rN$%") returned 0x10 [0303.571] SystemFunction040 (in: Memory=0x63fa0c, MemorySize=0x20, OptionFlags=0x0 | out: Memory=0x63fa0c) returned 0x0 [0303.572] QueryUnbiasedInterruptTime (in: UnbiasedTime=0x19f354 | out: UnbiasedTime=0x19f354) returned 1 [0303.572] QueryUnbiasedInterruptTime (in: UnbiasedTime=0x19f344 | out: UnbiasedTime=0x19f344) returned 1 [0303.573] send (s=0x634, buf=0x224597c*, len=6, flags=0) returned 6 [0303.574] recv (s=0x634, buf=0x22da35c, len=80, flags=0) Thread: id = 6 os_tid = 0x918 Thread: id = 7 os_tid = 0x3f8 Thread: id = 8 os_tid = 0x154 [0103.332] CoGetContextToken (in: pToken=0x42cfc3c | out: pToken=0x42cfc3c) returned 0x0 [0103.332] CObjectContext::QueryInterface () returned 0x0 [0103.332] CObjectContext::GetCurrentThreadType () returned 0x0 [0103.332] Release () returned 0x0 [0103.332] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0103.332] RoInitialize () returned 0x1 [0103.332] RoUninitialize () returned 0x0 [0234.195] WinHttpCloseHandle (hInternet=0x5f9128) returned 1 [0234.196] CertFreeCertificateContext (pCertContext=0x5d6ff0) returned 1 [0234.196] CloseHandle (hObject=0x4e4) returned 1 [0234.197] CloseHandle (hObject=0x4e0) returned 1 [0234.197] RegCloseKey (hKey=0x4dc) returned 0x0 [0234.197] CloseHandle (hObject=0x4d8) returned 1 [0234.197] RegCloseKey (hKey=0x4d4) returned 0x0 [0234.198] CloseHandle (hObject=0x4d0) returned 1 [0234.198] RegCloseKey (hKey=0x4cc) returned 0x0 [0234.198] RegCloseKey (hKey=0x464) returned 0x0 [0234.200] CertFreeCertificateContext (pCertContext=0x5d73b0) returned 1 [0234.200] SysStringLen (param_1="ⴆ蘵쑓ࣆઽៅ怈൸サ旙ݭЪᱦዃ䃹") returned 0x10 [0234.201] SysStringLen (param_1="ⴆ蘵쑓ࣆઽៅ怈൸쨒镾틊邈毕즜ᨚ") returned 0x10 [0234.201] SysStringLen (param_1="ⴆ蘵쑓ࣆઽៅ怈൸쨒镾틊邈毕즜ᨚ") returned 0x10 [0234.202] CertCloseStore (hCertStore=0x606cc8, dwFlags=0x0) returned 1 [0234.202] CertFreeCertificateContext (pCertContext=0x5d6ff0) returned 1 [0234.202] CertFreeCertificateContext (pCertContext=0x5d7130) returned 1 [0234.203] CloseHandle (hObject=0x434) returned 1 [0234.203] CloseHandle (hObject=0x430) returned 1 [0234.203] SysStringLen (param_1="ⴆ蘵쑓ࣆઽៅ怈൸サ旙ݭЪᱦዃ䃹") returned 0x10 [0234.203] CloseHandle (hObject=0x42c) returned 1 [0234.203] CloseHandle (hObject=0x428) returned 1 [0234.203] CloseHandle (hObject=0x5fc) returned 1 [0234.204] CloseHandle (hObject=0x3f8) returned 1 [0234.204] CloseHandle (hObject=0x3f4) returned 1 [0234.204] CloseHandle (hObject=0x3f0) returned 1 [0234.205] SysStringLen (param_1="ⴆ蘵쑓ࣆઽៅ怈൸쨒镾틊邈毕즜ᨚ") returned 0x10 [0234.205] CloseHandle (hObject=0x3ec) returned 1 [0234.205] CloseHandle (hObject=0x5e4) returned 1 [0234.205] CloseHandle (hObject=0x3e8) returned 1 [0234.205] SysStringLen (param_1="ᅒꛢ\폙睴霁漒少砀 ㄀∀) returned 0x10 [0234.205] WinHttpCloseHandle (hInternet=0x5fa680) returned 1 [0234.206] SysStringLen (param_1="ⴆ蘵쑓ࣆઽៅ怈൸쨒镾틊邈毕즜ᨚ") returned 0x10 [0234.206] RegCloseKey (hKey=0x5f4) returned 0x0 [0234.206] CloseHandle (hObject=0x380) returned 1 [0234.206] CloseHandle (hObject=0x37c) returned 1 [0234.206] RegCloseKey (hKey=0x378) returned 0x0 [0234.207] CloseHandle (hObject=0x374) returned 1 [0234.207] RegCloseKey (hKey=0x370) returned 0x0 [0234.207] CloseHandle (hObject=0x36c) returned 1 [0234.207] RegCloseKey (hKey=0x368) returned 0x0 [0234.207] RegCloseKey (hKey=0x364) returned 0x0 [0234.208] CloseHandle (hObject=0x334) returned 1 [0234.208] CloseHandle (hObject=0x330) returned 1 [0234.209] SysStringLen (param_1="ⴆ蘵쑓ࣆઽៅ怈൸쨒镾틊邈毕즜ᨚ") returned 0x10 [0234.209] FreeContextBuffer (in: pvContextBuffer=0x631cf0 | out: pvContextBuffer=0x631cf0) returned 0x0 [0234.209] CloseHandle (hObject=0x2d4) returned 1 [0234.209] SysStringLen (param_1="ⴆ蘵쑓ࣆઽៅ怈൸쨒镾틊邈毕즜ᨚ") returned 0x10 [0234.209] CloseHandle (hObject=0x2d0) returned 1 [0234.209] CloseHandle (hObject=0x504) returned 1 [0234.210] CloseHandle (hObject=0x2cc) returned 1 [0234.210] SysStringLen (param_1="ⴆ蘵쑓ࣆઽៅ怈൸쨒镾틊邈毕즜ᨚ") returned 0x10 [0234.210] CloseHandle (hObject=0x2c8) returned 1 [0234.210] CloseHandle (hObject=0x2c4) returned 1 [0234.210] CloseHandle (hObject=0x2c0) returned 1 [0234.211] CloseHandle (hObject=0x2b4) returned 1 [0234.211] SysStringLen (param_1="ⴆ蘵쑓ࣆઽៅ怈൸サ旙ݭЪᱦዃ䃹") returned 0x10 [0234.211] CloseHandle (hObject=0x2bc) returned 1 [0234.211] SysStringLen (param_1="ⴆ蘵쑓ࣆઽៅ怈൸蒍裟쉏ⷁ㭳䢣➞") returned 0x10 [0234.211] CertFreeCertificateContext (pCertContext=0x6004d0) returned 1 Thread: id = 9 os_tid = 0x880 Thread: id = 10 os_tid = 0x838 Thread: id = 11 os_tid = 0x868 [0112.076] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0112.076] RoInitialize () returned 0x1 [0112.076] RoUninitialize () returned 0x0 [0112.078] ResetEvent (hEvent=0x3d8) returned 1 [0172.847] ReleaseSemaphore (in: hSemaphore=0x610, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0172.848] ReleaseSemaphore (in: hSemaphore=0x610, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0172.848] SetEvent (hEvent=0x3d8) returned 1 [0213.962] shutdown (s=0x490, how=2) returned 0 [0213.963] setsockopt (s=0x490, level=65535, optname=128, optval="\x01", optlen=4) returned 0 [0213.965] closesocket (s=0x490) returned 0 [0218.440] QueryContextAttributesW (in: phContext=0x2260038, ulAttribute=0x1a, pBuffer=0x4cff750 | out: pBuffer=0x4cff750) returned 0x0 [0218.473] DeleteSecurityContext (phContext=0x2260038) returned 0x0 [0218.476] shutdown (s=0x4f0, how=2) returned 0 [0218.481] setsockopt (s=0x4f0, level=65535, optname=128, optval="\x01", optlen=4) returned 0 [0218.481] closesocket (s=0x4f0) returned 0 [0222.854] ReleaseSemaphore (in: hSemaphore=0x610, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0222.854] ReleaseSemaphore (in: hSemaphore=0x610, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0222.855] SetEvent (hEvent=0x3d8) returned 1 [0272.868] ReleaseSemaphore (in: hSemaphore=0x610, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0272.868] ReleaseSemaphore (in: hSemaphore=0x610, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0272.868] SetEvent (hEvent=0x3d8) returned 1 Thread: id = 12 os_tid = 0xec8 Thread: id = 13 os_tid = 0xc4c [0122.815] CoGetContextToken (in: pToken=0x50dfebc | out: pToken=0x50dfebc) returned 0x0 [0122.836] CObjectContext::QueryInterface () returned 0x0 [0122.836] CObjectContext::GetCurrentThreadType () returned 0x0 [0122.836] Release () returned 0x0 [0122.836] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0122.836] RoInitialize () returned 0x1 [0122.836] RoUninitialize () returned 0x0 Thread: id = 14 os_tid = 0xdb4 Thread: id = 15 os_tid = 0xee0 [0222.875] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0222.877] CoGetContextToken (in: pToken=0x80fcc4 | out: pToken=0x80fcc4) returned 0x0 [0222.877] CObjectContext::QueryInterface () returned 0x0 [0222.878] CObjectContext::GetCurrentThreadType () returned 0x0 [0222.878] Release () returned 0x0 [0222.878] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x1 [0222.878] CoUninitialize () [0222.878] RoInitialize () returned 0x1 [0222.878] RoUninitialize () returned 0x0 [0222.879] QueryUnbiasedInterruptTime (in: UnbiasedTime=0x80f9d4 | out: UnbiasedTime=0x80f9d4) returned 1 [0242.902] CoUninitialize () Thread: id = 16 os_tid = 0xdf0