# Flog Txt Version 1 # Analyzer Version: 2024.2.1 # Analyzer Build Date: Mar 23 2024 12:02:19 # Log Creation Date: 29.03.2024 05:51:26.965 Process: id = "1" image_name = "asih.exe" filename = "c:\\users\\rdhj0cnfevzx\\desktop\\asih.exe" page_root = "0x5080a000" os_pid = "0x1110" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "analysis_target" parent_id = "0" os_parent_pid = "0x678" cmd_line = "\"C:\\Users\\RDhJ0CNFevzX\\Desktop\\asih.exe\" " cur_dir = "C:\\Users\\RDhJ0CNFevzX\\Desktop\\" os_username = "XC64ZB\\RDhJ0CNFevzX" bitness = "32" os_groups = "XC64ZB\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000ebd3" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 119 start_va = 0x10000 end_va = 0x2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 120 start_va = 0x30000 end_va = 0x30fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 121 start_va = 0x40000 end_va = 0x54fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 122 start_va = 0x60000 end_va = 0x9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000060000" filename = "" Region: id = 123 start_va = 0xa0000 end_va = 0x19ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000a0000" filename = "" Region: id = 124 start_va = 0x1a0000 end_va = 0x1a3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001a0000" filename = "" Region: id = 125 start_va = 0x1b0000 end_va = 0x1b0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001b0000" filename = "" Region: id = 126 start_va = 0x1c0000 end_va = 0x1c1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 127 start_va = 0x200000 end_va = 0x3fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000200000" filename = "" Region: id = 128 start_va = 0x500000 end_va = 0x50afff monitored = 1 entry_point = 0x501000 region_type = mapped_file name = "asih.exe" filename = "\\Users\\RDhJ0CNFevzX\\Desktop\\asih.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\asih.exe") Region: id = 129 start_va = 0x77220000 end_va = 0x7739afff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 130 start_va = 0x7ffb0000 end_va = 0x7ffd2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ffb0000" filename = "" Region: id = 131 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 132 start_va = 0x7fff0000 end_va = 0x7ffff079ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 133 start_va = 0x7ffff07a0000 end_va = 0x7ffff0960fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 134 start_va = 0x7ffff0961000 end_va = 0x7ffffffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ffff0961000" filename = "" Region: id = 273 start_va = 0x400000 end_va = 0x43ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 274 start_va = 0x656f0000 end_va = 0x6573ffff monitored = 0 entry_point = 0x65708180 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 275 start_va = 0x65670000 end_va = 0x656e9fff monitored = 0 entry_point = 0x65683290 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 276 start_va = 0x770a0000 end_va = 0x7717ffff monitored = 0 entry_point = 0x770b3980 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 277 start_va = 0x65740000 end_va = 0x65747fff monitored = 0 entry_point = 0x657417c0 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 278 start_va = 0x510000 end_va = 0x68ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000510000" filename = "" Region: id = 279 start_va = 0x770a0000 end_va = 0x7717ffff monitored = 0 entry_point = 0x770b3980 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 280 start_va = 0x74920000 end_va = 0x74a9dfff monitored = 0 entry_point = 0x749d1b90 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 281 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 282 start_va = 0x7feb0000 end_va = 0x7ffaffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007feb0000" filename = "" Region: id = 283 start_va = 0x440000 end_va = 0x4fdfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 284 start_va = 0x73ea0000 end_va = 0x73f31fff monitored = 0 entry_point = 0x73ee0380 region_type = mapped_file name = "apphelp.dll" filename = "\\Windows\\SysWOW64\\apphelp.dll" (normalized: "c:\\windows\\syswow64\\apphelp.dll") Region: id = 285 start_va = 0x7fb00000 end_va = 0x7fea0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sysmain.sdb" filename = "\\Windows\\AppPatch\\sysmain.sdb" (normalized: "c:\\windows\\apppatch\\sysmain.sdb") Region: id = 286 start_va = 0x20000 end_va = 0x23fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 287 start_va = 0x74250000 end_va = 0x7439efff monitored = 0 entry_point = 0x74306820 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 288 start_va = 0x74c10000 end_va = 0x74d56fff monitored = 0 entry_point = 0x74c21cf0 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 289 start_va = 0x510000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000510000" filename = "" Region: id = 290 start_va = 0x590000 end_va = 0x68ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000590000" filename = "" Region: id = 291 start_va = 0x690000 end_va = 0x78ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000690000" filename = "" Region: id = 292 start_va = 0x1d0000 end_va = 0x1f9fff monitored = 0 entry_point = 0x1d5680 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 293 start_va = 0x790000 end_va = 0x917fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000790000" filename = "" Region: id = 294 start_va = 0x757e0000 end_va = 0x7580afff monitored = 0 entry_point = 0x757e5680 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 295 start_va = 0x30000 end_va = 0x30fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 296 start_va = 0x1d0000 end_va = 0x1d0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001d0000" filename = "" Region: id = 297 start_va = 0x920000 end_va = 0xaa0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000920000" filename = "" Region: id = 298 start_va = 0xab0000 end_va = 0x1eaffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000ab0000" filename = "" Region: id = 299 start_va = 0x73e20000 end_va = 0x73e94fff monitored = 0 entry_point = 0x73e59a60 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\SysWOW64\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll") Region: id = 300 start_va = 0x75640000 end_va = 0x756fdfff monitored = 0 entry_point = 0x75675630 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 301 start_va = 0x75420000 end_va = 0x755dcfff monitored = 0 entry_point = 0x75502a10 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\SysWOW64\\combase.dll" (normalized: "c:\\windows\\syswow64\\combase.dll") Region: id = 302 start_va = 0x75ad0000 end_va = 0x75b7cfff monitored = 0 entry_point = 0x75ae4f00 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 303 start_va = 0x73f50000 end_va = 0x73f6dfff monitored = 0 entry_point = 0x73f5b640 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 304 start_va = 0x73f40000 end_va = 0x73f49fff monitored = 0 entry_point = 0x73f42a00 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 305 start_va = 0x755e0000 end_va = 0x75637fff monitored = 0 entry_point = 0x756225c0 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\SysWOW64\\bcryptprimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll") Region: id = 306 start_va = 0x75900000 end_va = 0x75943fff monitored = 0 entry_point = 0x75919d80 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 307 start_va = 0x1eb0000 end_va = 0x1feffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001eb0000" filename = "" Region: id = 308 start_va = 0x1ff0000 end_va = 0x212ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001ff0000" filename = "" Region: id = 309 start_va = 0x75b80000 end_va = 0x75c9efff monitored = 0 entry_point = 0x75bc5980 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll") Region: id = 310 start_va = 0x1e0000 end_va = 0x1e0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001e0000" filename = "" Region: id = 311 start_va = 0x1eb0000 end_va = 0x1f6bfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001eb0000" filename = "" Region: id = 312 start_va = 0x1fe0000 end_va = 0x1feffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001fe0000" filename = "" Region: id = 313 start_va = 0x1e0000 end_va = 0x1e3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001e0000" filename = "" Region: id = 314 start_va = 0x73e00000 end_va = 0x73e1cfff monitored = 0 entry_point = 0x73e03b10 region_type = mapped_file name = "dwmapi.dll" filename = "\\Windows\\SysWOW64\\dwmapi.dll" (normalized: "c:\\windows\\syswow64\\dwmapi.dll") Region: id = 315 start_va = 0x1ff0000 end_va = 0x206ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001ff0000" filename = "" Region: id = 316 start_va = 0x2120000 end_va = 0x212ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002120000" filename = "" Region: id = 317 start_va = 0x400000 end_va = 0x405fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 318 start_va = 0x430000 end_va = 0x43ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000430000" filename = "" Region: id = 319 start_va = 0x1f0000 end_va = 0x1f5fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001f0000" filename = "" Region: id = 320 start_va = 0x1e0000 end_va = 0x1e4fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "user32.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\user32.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\user32.dll.mui") Region: id = 321 start_va = 0x410000 end_va = 0x414fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000410000" filename = "" Region: id = 322 start_va = 0x420000 end_va = 0x425fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000420000" filename = "" Region: id = 323 start_va = 0x71130000 end_va = 0x7133cfff monitored = 0 entry_point = 0x7121acb0 region_type = mapped_file name = "wininet.dll" filename = "\\Windows\\SysWOW64\\wininet.dll" (normalized: "c:\\windows\\syswow64\\wininet.dll") Region: id = 324 start_va = 0x74e30000 end_va = 0x74e74fff monitored = 0 entry_point = 0x74e4de90 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\SysWOW64\\shlwapi.dll" (normalized: "c:\\windows\\syswow64\\shlwapi.dll") Region: id = 325 start_va = 0x75ca0000 end_va = 0x7709efff monitored = 0 entry_point = 0x75e5b990 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\SysWOW64\\shell32.dll" (normalized: "c:\\windows\\syswow64\\shell32.dll") Region: id = 326 start_va = 0x758c0000 end_va = 0x758f6fff monitored = 0 entry_point = 0x758c3b50 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\SysWOW64\\cfgmgr32.dll" (normalized: "c:\\windows\\syswow64\\cfgmgr32.dll") Region: id = 327 start_va = 0x74f10000 end_va = 0x75408fff monitored = 0 entry_point = 0x75117610 region_type = mapped_file name = "windows.storage.dll" filename = "\\Windows\\SysWOW64\\windows.storage.dll" (normalized: "c:\\windows\\syswow64\\windows.storage.dll") Region: id = 328 start_va = 0x75a50000 end_va = 0x75acafff monitored = 0 entry_point = 0x75a6e970 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll") Region: id = 329 start_va = 0x75410000 end_va = 0x7541bfff monitored = 0 entry_point = 0x75413930 region_type = mapped_file name = "kernel.appcore.dll" filename = "\\Windows\\SysWOW64\\kernel.appcore.dll" (normalized: "c:\\windows\\syswow64\\kernel.appcore.dll") Region: id = 330 start_va = 0x77180000 end_va = 0x7720cfff monitored = 0 entry_point = 0x771c9b90 region_type = mapped_file name = "shcore.dll" filename = "\\Windows\\SysWOW64\\SHCore.dll" (normalized: "c:\\windows\\syswow64\\shcore.dll") Region: id = 331 start_va = 0x74d60000 end_va = 0x74da3fff monitored = 0 entry_point = 0x74d67410 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\SysWOW64\\powrprof.dll" (normalized: "c:\\windows\\syswow64\\powrprof.dll") Region: id = 332 start_va = 0x74f00000 end_va = 0x74f0efff monitored = 0 entry_point = 0x74f02e40 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\SysWOW64\\profapi.dll" (normalized: "c:\\windows\\syswow64\\profapi.dll") Region: id = 333 start_va = 0x1eb0000 end_va = 0x1f3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001eb0000" filename = "" Region: id = 334 start_va = 0x2130000 end_va = 0x222ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002130000" filename = "" Region: id = 335 start_va = 0x2230000 end_va = 0x2566fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 336 start_va = 0x410000 end_va = 0x410fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000410000" filename = "" Region: id = 337 start_va = 0x75950000 end_va = 0x75a3afff monitored = 0 entry_point = 0x7598d650 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\SysWOW64\\ole32.dll" (normalized: "c:\\windows\\syswow64\\ole32.dll") Region: id = 338 start_va = 0x1f40000 end_va = 0x1fd0fff monitored = 0 entry_point = 0x1f78cf0 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\SysWOW64\\oleaut32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll") Region: id = 339 start_va = 0x6fcb0000 end_va = 0x6fdfafff monitored = 0 entry_point = 0x6fd11660 region_type = mapped_file name = "propsys.dll" filename = "\\Windows\\SysWOW64\\propsys.dll" (normalized: "c:\\windows\\syswow64\\propsys.dll") Region: id = 340 start_va = 0x74820000 end_va = 0x748b1fff monitored = 0 entry_point = 0x74858cf0 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\SysWOW64\\oleaut32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll") Region: id = 341 start_va = 0x550000 end_va = 0x550fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000550000" filename = "" Region: id = 342 start_va = 0x75700000 end_va = 0x75783fff monitored = 0 entry_point = 0x75726220 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\SysWOW64\\clbcatq.dll" (normalized: "c:\\windows\\syswow64\\clbcatq.dll") Region: id = 343 start_va = 0x560000 end_va = 0x560fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000560000" filename = "" Region: id = 344 start_va = 0x570000 end_va = 0x573fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "cversions.2.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db") Region: id = 345 start_va = 0x1eb0000 end_va = 0x1ef4fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x0000000000000010.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000010.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x0000000000000010.db") Region: id = 346 start_va = 0x1f30000 end_va = 0x1f3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001f30000" filename = "" Region: id = 347 start_va = 0x580000 end_va = 0x583fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "cversions.2.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db") Region: id = 348 start_va = 0x1f40000 end_va = 0x1fcdfff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000001.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000001.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000001.db") Region: id = 349 start_va = 0x1f00000 end_va = 0x1f10fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "propsys.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\propsys.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\propsys.dll.mui") Region: id = 350 start_va = 0x1f20000 end_va = 0x1f23fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "cversions.1.db" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\Caches\\cversions.1.db" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\caches\\cversions.1.db") Region: id = 351 start_va = 0x2070000 end_va = 0x2084fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x000000000000001b.db" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\Caches\\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x000000000000001b.db" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\caches\\{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x000000000000001b.db") Region: id = 352 start_va = 0x1fd0000 end_va = 0x1fd0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001fd0000" filename = "" Region: id = 353 start_va = 0x2090000 end_va = 0x20cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002090000" filename = "" Region: id = 354 start_va = 0x2570000 end_va = 0x266ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002570000" filename = "" Region: id = 355 start_va = 0x20d0000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000020d0000" filename = "" Region: id = 356 start_va = 0x2670000 end_va = 0x276ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002670000" filename = "" Region: id = 357 start_va = 0x2770000 end_va = 0x27affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002770000" filename = "" Region: id = 358 start_va = 0x27b0000 end_va = 0x28affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000027b0000" filename = "" Region: id = 359 start_va = 0x28b0000 end_va = 0x28effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000028b0000" filename = "" Region: id = 360 start_va = 0x28f0000 end_va = 0x29effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000028f0000" filename = "" Region: id = 361 start_va = 0x29f0000 end_va = 0x2a2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000029f0000" filename = "" Region: id = 362 start_va = 0x2a30000 end_va = 0x2b2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002a30000" filename = "" Region: id = 363 start_va = 0x71340000 end_va = 0x714bdfff monitored = 0 entry_point = 0x713bc630 region_type = mapped_file name = "urlmon.dll" filename = "\\Windows\\SysWOW64\\urlmon.dll" (normalized: "c:\\windows\\syswow64\\urlmon.dll") Region: id = 364 start_va = 0x736a0000 end_va = 0x7396afff monitored = 0 entry_point = 0x738dc4c0 region_type = mapped_file name = "iertutil.dll" filename = "\\Windows\\SysWOW64\\iertutil.dll" (normalized: "c:\\windows\\syswow64\\iertutil.dll") Region: id = 365 start_va = 0x1f20000 end_va = 0x1f20fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001f20000" filename = "" Region: id = 366 start_va = 0x7fb00000 end_va = 0x7fea0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sysmain.sdb" filename = "\\Windows\\AppPatch\\sysmain.sdb" (normalized: "c:\\windows\\apppatch\\sysmain.sdb") Thread: id = 1 os_tid = 0x60c [0118.866] GetCommandLineA () returned="\"C:\\Users\\RDhJ0CNFevzX\\Desktop\\asih.exe\" " [0118.866] GetModuleHandleA (lpModuleName=0x0) returned 0x500000 [0118.866] LoadIconA (hInstance=0x0, lpIconName=0x7f00) returned 0x10027 [0118.870] LoadCursorA (hInstance=0x0, lpCursorName=0x7f00) returned 0x10003 [0118.870] RegisterClassExA (param_1=0x505218) returned 0xc1db [0118.871] CreateWindowExA (dwExStyle=0x0, lpClassName="aroka", lpWindowName="wait", dwStyle=0x40000, X=-2680, Y=-6870, nWidth=542, nHeight=485, hWndParent=0x0, hMenu=0x0, hInstance=0x500000, lpParam=0x0) returned 0x0 [0119.472] NtdllDefWindowProc_A (hWnd=0x60046, Msg=0x24, wParam=0x0, lParam=0x19fb04) returned 0x0 [0119.473] NtdllDefWindowProc_A (hWnd=0x60046, Msg=0x81, wParam=0x0, lParam=0x19faf8) returned 0x1 [0119.479] NtdllDefWindowProc_A (hWnd=0x60046, Msg=0x83, wParam=0x0, lParam=0x19fae4) returned 0x0 [0119.490] CreateWindowExA (dwExStyle=0x0, lpClassName="button", lpWindowName="turok", dwStyle=0x10000001, X=10, Y=10, nWidth=320, nHeight=40, hWndParent=0x60046, hMenu=0x2, hInstance=0x500000, lpParam=0x0) returned 0x0 [0119.491] GetLastError () returned 0x579 [0119.491] SendMessageA (hWnd=0x60046, Msg=0x111, wParam=0x0, lParam=0x37) returned 0x0 [0119.491] SendMessageA (hWnd=0x60046, Msg=0x111, wParam=0x0, lParam=0x36) returned 0xffffffff [0119.491] CreateFileA (lpFileName="last.inf" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\last.inf"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0119.492] GetLastError () returned 0x2 [0119.492] CreateWindowExA (dwExStyle=0x0, lpClassName="edit", lpWindowName=0x0, dwStyle=0x40000000, X=10, Y=70, nWidth=500, nHeight=430, hWndParent=0x60046, hMenu=0x1, hInstance=0x500000, lpParam=0x0) returned 0x6021e [0119.497] NtdllDefWindowProc_A (hWnd=0x60046, Msg=0x210, wParam=0x10001, lParam=0x6021e) returned 0x0 [0119.497] CreateWindowExA (dwExStyle=0x0, lpClassName="edit", lpWindowName="turok", dwStyle=0x40000001, X=10, Y=380, nWidth=166, nHeight=34, hWndParent=0x1, hMenu=0x2, hInstance=0x500000, lpParam=0x0) returned 0x0 [0119.497] GetLastError () returned 0x578 [0119.497] lstrcpyA (in: lpString1=0x5052b8, lpString2="Romantic" | out: lpString1="Romantic") returned="Romantic" [0119.497] CreateFontIndirectA (lplf=0x50529c) returned 0xc0a06e1 [0119.498] SendMessageA (hWnd=0x60046, Msg=0x111, wParam=0x505044, lParam=0x38) returned 0x0 [0119.498] MoveWindow (hWnd=0x60046, X=-3700, Y=-3080, nWidth=540, nHeight=483, bRepaint=0) [0119.498] NtdllDefWindowProc_A (hWnd=0x60046, Msg=0x46, wParam=0x0, lParam=0x19f894) returned 0x0 [0119.498] NtdllDefWindowProc_A (hWnd=0x60046, Msg=0x24, wParam=0x0, lParam=0x19f554) returned 0x0 [0119.498] NtdllDefWindowProc_A (hWnd=0x60046, Msg=0x83, wParam=0x1, lParam=0x19f86c) returned 0x0 [0119.500] NtdllDefWindowProc_A (hWnd=0x60046, Msg=0x47, wParam=0x0, lParam=0x19f894) [0119.500] NtdllDefWindowProc_A (hWnd=0x60046, Msg=0x3, wParam=0x0, lParam=0xf417f194) returned 0x0 [0119.500] SendMessageA (hWnd=0x60046, Msg=0x111, wParam=0x505008, lParam=0x38) returned 0x0 [0119.500] GetWindowRect (in: hWnd=0x60046, lpRect=0x19f3c0 | out: lpRect=0x19f3c0) returned 1 [0119.500] SendMessageA (hWnd=0x60046, Msg=0x111, wParam=0x0, lParam=0x39) [0119.500] SendMessageA (hWnd=0x60046, Msg=0x111, wParam=0x0, lParam=0x3a) [0119.500] SendMessageA (hWnd=0x60046, Msg=0x111, wParam=0x0, lParam=0x3b) [0119.500] VirtualAlloc (lpAddress=0x400000, dwSize=0x6000, flAllocationType=0x2000, flProtect=0x1) returned 0x400000 [0119.500] SendMessageA (hWnd=0x60046, Msg=0x111, wParam=0x0, lParam=0x3d) [0119.500] VirtualAlloc (lpAddress=0x0, dwSize=0x6000, flAllocationType=0x1000, flProtect=0x4) returned 0x1f0000 [0119.501] VirtualProtect (in: lpAddress=0x1f0000, dwSize=0x6000, flNewProtect=0x40, lpflOldProtect=0x50508e | out: lpflOldProtect=0x50508e*=0x4) returned 1 [0119.504] SendMessageA (hWnd=0x60046, Msg=0x111, wParam=0x0, lParam=0x3e) [0119.504] SendMessageA (hWnd=0x60046, Msg=0x111, wParam=0x0, lParam=0x579) [0119.504] SendMessageA (hWnd=0x60046, Msg=0x111, wParam=0x5052ec, lParam=0x40) [0119.504] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0119.504] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0119.504] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0119.504] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0119.504] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0119.504] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0119.504] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0119.504] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0119.504] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0119.504] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0119.505] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0119.505] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0119.505] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0119.505] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0119.505] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0119.505] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0119.505] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0119.505] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0119.505] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0119.505] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0119.505] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0119.505] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0119.505] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0119.505] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0119.505] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0119.505] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0119.505] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0119.505] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0119.505] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0119.505] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0119.506] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0119.506] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0119.506] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0119.506] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0119.506] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0119.506] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0119.506] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0119.506] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0119.506] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0119.506] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0119.506] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0119.506] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0119.506] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0119.506] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0119.506] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0119.506] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0119.506] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0119.506] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0119.506] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0119.507] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0119.507] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0119.507] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0119.507] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0119.507] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0119.507] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0119.507] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0119.507] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0119.507] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0119.507] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0119.507] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0119.507] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0119.507] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0119.507] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0119.507] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0119.507] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0119.507] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0119.507] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0119.507] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0119.507] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0119.508] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0119.508] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0119.508] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0119.508] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0119.508] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0119.508] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0119.508] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0119.508] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0119.508] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0119.508] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0119.508] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0119.508] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0119.508] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0119.508] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0119.508] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0119.508] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0119.508] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0119.508] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0119.508] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0119.509] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0119.509] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0119.509] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0119.509] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0119.509] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0119.509] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0119.509] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0119.509] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0119.509] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0119.509] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0119.509] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0119.509] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0119.509] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0119.509] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0119.509] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0119.509] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0119.509] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0119.509] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0119.509] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0119.509] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0119.510] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0119.510] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0119.510] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0119.510] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0119.510] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0119.510] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0119.510] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0119.510] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0119.510] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0119.510] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0119.510] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0119.510] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0119.510] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0119.510] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0119.510] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0119.510] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0119.510] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0119.510] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0119.510] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0119.510] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0119.511] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0119.511] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0119.511] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0119.511] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0119.511] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0119.511] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0119.511] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0119.511] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0119.511] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0119.511] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0119.511] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0119.511] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0119.511] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0119.511] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0119.511] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0119.511] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0119.511] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0119.511] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0119.511] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0119.511] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0119.512] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0119.512] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0119.512] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0119.512] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0119.512] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0119.512] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0119.512] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0119.512] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0119.512] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0119.512] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0119.512] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0119.512] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0119.512] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0119.512] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0119.512] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0119.512] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0119.512] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0119.512] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0119.512] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0119.513] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0119.513] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0119.513] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0119.513] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0119.513] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0119.513] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0119.513] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0119.513] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0119.513] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0119.513] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0119.513] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0119.513] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0119.513] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0119.513] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0119.513] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0119.513] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0119.513] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0119.513] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0119.513] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0119.513] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0119.514] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0119.514] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0119.514] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0119.514] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0119.514] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0119.514] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0119.514] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0119.514] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0119.514] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0119.514] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0119.514] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0119.514] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0119.514] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0119.514] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0119.514] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0119.514] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0119.514] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0119.514] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0119.514] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0119.514] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0119.515] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0119.515] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0119.515] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0119.515] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0119.515] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0119.515] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0119.515] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0119.515] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0119.515] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0119.515] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0119.515] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0119.515] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0119.515] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0119.515] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0119.515] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0119.515] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0119.515] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0119.515] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0119.515] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0119.515] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0119.516] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0119.516] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0119.516] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0119.516] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0119.516] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0119.516] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0119.516] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0119.516] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0119.516] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0119.516] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0119.516] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0119.516] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0119.516] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0119.516] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0119.516] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0119.516] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0119.516] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0119.516] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0119.516] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0119.516] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0119.517] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0119.517] DestroyWindow (hWnd=0x60046) [0119.577] NtdllDefWindowProc_A (hWnd=0x60046, Msg=0x90, wParam=0x0, lParam=0x0) returned 0x0 [0119.579] PostQuitMessage (nExitCode=6) [0119.583] NtdllDefWindowProc_A (hWnd=0x60046, Msg=0x82, wParam=0x0, lParam=0x0) returned 0x0 [0119.597] ShowWindow (hWnd=0x0, nCmdShow=5) returned 0 [0119.597] UpdateWindow (hWnd=0x0) returned 0 [0119.597] GetMessageA (in: lpMsg=0x505248, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x505248) returned 0 [0119.600] VirtualAlloc (lpAddress=0x0, dwSize=0x48e4, flAllocationType=0x1000, flProtect=0x4) returned 0x410000 [0119.601] UnmapViewOfFile (lpBaseAddress=0x400000) returned 0 [0119.601] VirtualAlloc (lpAddress=0x400000, dwSize=0x6000, flAllocationType=0x2000, flProtect=0x1) returned 0x0 [0119.601] VirtualAlloc (lpAddress=0x0, dwSize=0x6000, flAllocationType=0x2000, flProtect=0x1) returned 0x420000 [0119.601] VirtualAlloc (lpAddress=0x420000, dwSize=0x1000, flAllocationType=0x1000, flProtect=0x4) returned 0x420000 [0119.601] VirtualAlloc (lpAddress=0x421000, dwSize=0x1000, flAllocationType=0x1000, flProtect=0x4) returned 0x421000 [0119.602] VirtualAlloc (lpAddress=0x422000, dwSize=0x1000, flAllocationType=0x1000, flProtect=0x4) returned 0x422000 [0119.602] VirtualAlloc (lpAddress=0x423000, dwSize=0x1000, flAllocationType=0x1000, flProtect=0x4) returned 0x423000 [0119.602] VirtualAlloc (lpAddress=0x424000, dwSize=0x1000, flAllocationType=0x1000, flProtect=0x4) returned 0x424000 [0119.602] VirtualAlloc (lpAddress=0x425000, dwSize=0x1000, flAllocationType=0x1000, flProtect=0x4) returned 0x425000 [0119.602] LoadLibraryA (lpLibFileName="WININET.dll") returned 0x71130000 [0119.805] GetProcAddress (hModule=0x71130000, lpProcName="HttpSendRequestW") returned 0x711f6ef0 [0119.805] GetProcAddress (hModule=0x71130000, lpProcName="InternetSetOptionW") returned 0x711fda70 [0119.805] GetProcAddress (hModule=0x71130000, lpProcName="InternetQueryOptionW") returned 0x711fcd20 [0119.805] GetProcAddress (hModule=0x71130000, lpProcName="HttpOpenRequestW") returned 0x711b0fd0 [0119.805] GetProcAddress (hModule=0x71130000, lpProcName="HttpQueryInfoW") returned 0x711ff060 [0119.805] GetProcAddress (hModule=0x71130000, lpProcName="InternetReadFile") returned 0x711b7320 [0119.805] GetProcAddress (hModule=0x71130000, lpProcName="InternetConnectW") returned 0x711e45f0 [0119.806] GetProcAddress (hModule=0x71130000, lpProcName="InternetOpenW") returned 0x711f8490 [0119.806] LoadLibraryA (lpLibFileName="KERNEL32.dll") returned 0x770a0000 [0119.806] GetProcAddress (hModule=0x770a0000, lpProcName="GetTempPathW") returned 0x770c6b30 [0119.806] GetProcAddress (hModule=0x770a0000, lpProcName="GetFileSize") returned 0x770c6a70 [0119.806] GetProcAddress (hModule=0x770a0000, lpProcName="GetCurrentDirectoryW") returned 0x770ba9a0 [0119.806] GetProcAddress (hModule=0x770a0000, lpProcName="DeleteFileW") returned 0x770c68c0 [0119.806] GetProcAddress (hModule=0x770a0000, lpProcName="CloseHandle") returned 0x770c6630 [0119.806] GetProcAddress (hModule=0x770a0000, lpProcName="WriteFile") returned 0x770c6ca0 [0119.806] GetProcAddress (hModule=0x770a0000, lpProcName="lstrcmpW") returned 0x770b7970 [0119.806] GetProcAddress (hModule=0x770a0000, lpProcName="ReadFile") returned 0x770c6bb0 [0119.807] GetProcAddress (hModule=0x770a0000, lpProcName="GetModuleHandleW") returned 0x770b9bc0 [0119.807] GetProcAddress (hModule=0x770a0000, lpProcName="ExitProcess") returned 0x770c7b30 [0119.807] GetProcAddress (hModule=0x770a0000, lpProcName="HeapCreate") returned 0x770ba100 [0119.807] GetProcAddress (hModule=0x770a0000, lpProcName="HeapAlloc") returned 0x77252bd0 [0119.807] GetProcAddress (hModule=0x770a0000, lpProcName="GetModuleFileNameW") returned 0x770b9b00 [0119.807] GetProcAddress (hModule=0x770a0000, lpProcName="CreateFileW") returned 0x770c6890 [0119.807] GetProcAddress (hModule=0x770a0000, lpProcName="lstrlenW") returned 0x770b3690 [0119.807] LoadLibraryA (lpLibFileName="USER32.dll") returned 0x74c10000 [0119.807] GetProcAddress (hModule=0x74c10000, lpProcName="wsprintfW") returned 0x74c3f890 [0119.807] LoadLibraryA (lpLibFileName="SHELL32.dll") returned 0x75ca0000 [0121.387] GetProcAddress (hModule=0x75ca0000, lpProcName="ShellExecuteW") returned 0x75e3d9f0 [0121.387] VirtualProtect (in: lpAddress=0x420000, dwSize=0x1000, flNewProtect=0x2, lpflOldProtect=0x19ff1c | out: lpflOldProtect=0x19ff1c*=0x4) returned 1 [0121.387] VirtualProtect (in: lpAddress=0x421000, dwSize=0x1000, flNewProtect=0x20, lpflOldProtect=0x19fea0 | out: lpflOldProtect=0x19fea0*=0x4) returned 1 [0121.388] VirtualProtect (in: lpAddress=0x422000, dwSize=0x1000, flNewProtect=0x20, lpflOldProtect=0x19fea0 | out: lpflOldProtect=0x19fea0*=0x4) returned 1 [0121.389] VirtualProtect (in: lpAddress=0x423000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x19fea0 | out: lpflOldProtect=0x19fea0*=0x4) returned 1 [0121.389] VirtualProtect (in: lpAddress=0x424000, dwSize=0x1000, flNewProtect=0x20, lpflOldProtect=0x19fea0 | out: lpflOldProtect=0x19fea0*=0x4) returned 1 [0121.390] VirtualProtect (in: lpAddress=0x425000, dwSize=0x1000, flNewProtect=0x20, lpflOldProtect=0x19fea0 | out: lpflOldProtect=0x19fea0*=0x4) returned 1 [0121.390] VirtualFree (lpAddress=0x410000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0121.412] GetModuleHandleW (lpModuleName=0x0) returned 0x420000 [0121.412] HeapCreate (flOptions=0x0, dwInitialSize=0x2000, dwMaximumSize=0x0) returned 0x1f30000 [0121.413] RtlAllocateHeap (HeapHandle=0x1f30000, Flags=0x8, Size=0x2000) returned 0x1f305a8 [0121.413] RtlAllocateHeap (HeapHandle=0x1f30000, Flags=0x8, Size=0x2000) returned 0x1f325b0 [0121.413] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x1f305a8, nSize=0x2000 | out: lpFilename="C:\\Users\\RDhJ0CNFevzX\\Desktop\\asih.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\asih.exe")) returned 0x26 [0121.413] GetTempPathW (in: nBufferLength=0x1000, lpBuffer=0x1f325b0 | out: lpBuffer="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\") returned 0x25 [0121.413] wsprintfW (in: param_1=0x1f325b0, param_2="%s%s" | out: param_1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\asih.exe") returned 45 [0121.414] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\asih.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\asih.exe"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x190 [0121.414] GetFileSize (in: hFile=0x190, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xb9da [0121.414] lstrlenW (lpString="C:\\Users\\RDhJ0CNFevzX\\Desktop\\asih.exe") returned 38 [0121.414] RtlAllocateHeap (HeapHandle=0x1f30000, Flags=0x8, Size=0xba2a) returned 0x2130048 [0121.416] ReadFile (in: hFile=0x190, lpBuffer=0x2130048, nNumberOfBytesToRead=0xb9da, lpNumberOfBytesRead=0x19ff74, lpOverlapped=0x0 | out: lpBuffer=0x2130048*, lpNumberOfBytesRead=0x19ff74*=0xb9da, lpOverlapped=0x0) returned 1 [0121.416] lstrcmpW (lpString1="C:\\Users\\RDhJ0CNFevzX\\Desktop\\asih.exe", lpString2="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\asih.exe") returned 1 [0121.420] lstrlenW (lpString="C:\\Users\\RDhJ0CNFevzX\\Desktop\\asih.exe") returned 38 [0121.421] CreateFileW (lpFileName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\asih.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\asih.exe"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x198 [0121.423] lstrlenW (lpString="C:\\Users\\RDhJ0CNFevzX\\Desktop\\asih.exe") returned 38 [0121.423] WriteFile (in: hFile=0x198, lpBuffer=0x2130048*, nNumberOfBytesToWrite=0xba2a, lpNumberOfBytesWritten=0x19ff74, lpOverlapped=0x0 | out: lpBuffer=0x2130048*, lpNumberOfBytesWritten=0x19ff74*=0xba2a, lpOverlapped=0x0) returned 1 [0121.425] CloseHandle (hObject=0x190) returned 1 [0121.425] CloseHandle (hObject=0x198) returned 1 [0121.428] GetTempPathW (in: nBufferLength=0x1000, lpBuffer=0x1f305a8 | out: lpBuffer="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\") returned 0x25 [0121.428] ShellExecuteW (hwnd=0x0, lpOperation="open", lpFile="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\asih.exe", lpParameters=0x0, lpDirectory="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\", nShowCmd=0) returned 0x2a [0122.037] ExitProcess (uExitCode=0x0) Thread: id = 2 os_tid = 0x11b8 Thread: id = 3 os_tid = 0x664 Thread: id = 4 os_tid = 0x115c Thread: id = 5 os_tid = 0x660 Thread: id = 6 os_tid = 0x11fc Thread: id = 7 os_tid = 0x1158 Process: id = "2" image_name = "asih.exe" filename = "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\asih.exe" page_root = "0x50424000" os_pid = "0x1144" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "1" os_parent_pid = "0x1110" cmd_line = "\"C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\asih.exe\" " cur_dir = "C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\" os_username = "XC64ZB\\RDhJ0CNFevzX" bitness = "32" os_groups = "XC64ZB\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000ebd3" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 367 start_va = 0x10000 end_va = 0x2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 368 start_va = 0x30000 end_va = 0x31fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 369 start_va = 0x40000 end_va = 0x54fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 370 start_va = 0x60000 end_va = 0x9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000060000" filename = "" Region: id = 371 start_va = 0xa0000 end_va = 0x19ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000a0000" filename = "" Region: id = 372 start_va = 0x1a0000 end_va = 0x1a3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001a0000" filename = "" Region: id = 373 start_va = 0x1b0000 end_va = 0x1b0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001b0000" filename = "" Region: id = 374 start_va = 0x1c0000 end_va = 0x1c1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 375 start_va = 0x200000 end_va = 0x3fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000200000" filename = "" Region: id = 376 start_va = 0x500000 end_va = 0x50afff monitored = 1 entry_point = 0x501000 region_type = mapped_file name = "asih.exe" filename = "\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\asih.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\asih.exe") Region: id = 377 start_va = 0x77220000 end_va = 0x7739afff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 378 start_va = 0x7ffb0000 end_va = 0x7ffd2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ffb0000" filename = "" Region: id = 379 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 380 start_va = 0x7fff0000 end_va = 0x7ffff079ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 381 start_va = 0x7ffff07a0000 end_va = 0x7ffff0960fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 382 start_va = 0x7ffff0961000 end_va = 0x7ffffffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ffff0961000" filename = "" Region: id = 383 start_va = 0x1d0000 end_va = 0x1effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001d0000" filename = "" Region: id = 384 start_va = 0x656f0000 end_va = 0x6573ffff monitored = 0 entry_point = 0x65708180 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 385 start_va = 0x65670000 end_va = 0x656e9fff monitored = 0 entry_point = 0x65683290 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 386 start_va = 0x770a0000 end_va = 0x7717ffff monitored = 0 entry_point = 0x770b3980 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 387 start_va = 0x65740000 end_va = 0x65747fff monitored = 0 entry_point = 0x657417c0 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 388 start_va = 0x510000 end_va = 0x7bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000510000" filename = "" Region: id = 389 start_va = 0x770a0000 end_va = 0x7717ffff monitored = 0 entry_point = 0x770b3980 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 390 start_va = 0x74920000 end_va = 0x74a9dfff monitored = 0 entry_point = 0x749d1b90 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 391 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 392 start_va = 0x7feb0000 end_va = 0x7ffaffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007feb0000" filename = "" Region: id = 393 start_va = 0x400000 end_va = 0x4bdfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 394 start_va = 0x73ea0000 end_va = 0x73f31fff monitored = 0 entry_point = 0x73ee0380 region_type = mapped_file name = "apphelp.dll" filename = "\\Windows\\SysWOW64\\apphelp.dll" (normalized: "c:\\windows\\syswow64\\apphelp.dll") Region: id = 395 start_va = 0x7fb00000 end_va = 0x7fea0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sysmain.sdb" filename = "\\Windows\\AppPatch\\sysmain.sdb" (normalized: "c:\\windows\\apppatch\\sysmain.sdb") Region: id = 396 start_va = 0x20000 end_va = 0x23fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 397 start_va = 0x74250000 end_va = 0x7439efff monitored = 0 entry_point = 0x74306820 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 398 start_va = 0x74c10000 end_va = 0x74d56fff monitored = 0 entry_point = 0x74c21cf0 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 399 start_va = 0x4c0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004c0000" filename = "" Region: id = 400 start_va = 0x510000 end_va = 0x60ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000510000" filename = "" Region: id = 401 start_va = 0x6c0000 end_va = 0x7bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006c0000" filename = "" Region: id = 402 start_va = 0x610000 end_va = 0x639fff monitored = 0 entry_point = 0x615680 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 403 start_va = 0x7c0000 end_va = 0x947fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000007c0000" filename = "" Region: id = 404 start_va = 0x757e0000 end_va = 0x7580afff monitored = 0 entry_point = 0x757e5680 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 405 start_va = 0x30000 end_va = 0x30fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 406 start_va = 0x1d0000 end_va = 0x1d0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001d0000" filename = "" Region: id = 407 start_va = 0x1e0000 end_va = 0x1effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001e0000" filename = "" Region: id = 408 start_va = 0x950000 end_va = 0xad0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000950000" filename = "" Region: id = 409 start_va = 0xae0000 end_va = 0x1edffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000ae0000" filename = "" Region: id = 410 start_va = 0x73e20000 end_va = 0x73e94fff monitored = 0 entry_point = 0x73e59a60 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\SysWOW64\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll") Region: id = 411 start_va = 0x75640000 end_va = 0x756fdfff monitored = 0 entry_point = 0x75675630 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 412 start_va = 0x75420000 end_va = 0x755dcfff monitored = 0 entry_point = 0x75502a10 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\SysWOW64\\combase.dll" (normalized: "c:\\windows\\syswow64\\combase.dll") Region: id = 413 start_va = 0x75ad0000 end_va = 0x75b7cfff monitored = 0 entry_point = 0x75ae4f00 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 414 start_va = 0x73f50000 end_va = 0x73f6dfff monitored = 0 entry_point = 0x73f5b640 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 415 start_va = 0x73f40000 end_va = 0x73f49fff monitored = 0 entry_point = 0x73f42a00 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 416 start_va = 0x755e0000 end_va = 0x75637fff monitored = 0 entry_point = 0x756225c0 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\SysWOW64\\bcryptprimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll") Region: id = 417 start_va = 0x75900000 end_va = 0x75943fff monitored = 0 entry_point = 0x75919d80 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 418 start_va = 0x1ee0000 end_va = 0x20cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001ee0000" filename = "" Region: id = 419 start_va = 0x1ee0000 end_va = 0x1fbffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001ee0000" filename = "" Region: id = 420 start_va = 0x20c0000 end_va = 0x20cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000020c0000" filename = "" Region: id = 421 start_va = 0x75b80000 end_va = 0x75c9efff monitored = 0 entry_point = 0x75bc5980 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll") Region: id = 422 start_va = 0x1f0000 end_va = 0x1f0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001f0000" filename = "" Region: id = 423 start_va = 0x1ee0000 end_va = 0x1f9bfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001ee0000" filename = "" Region: id = 424 start_va = 0x1fb0000 end_va = 0x1fbffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001fb0000" filename = "" Region: id = 425 start_va = 0x1f0000 end_va = 0x1f3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001f0000" filename = "" Region: id = 426 start_va = 0x73e00000 end_va = 0x73e1cfff monitored = 0 entry_point = 0x73e03b10 region_type = mapped_file name = "dwmapi.dll" filename = "\\Windows\\SysWOW64\\dwmapi.dll" (normalized: "c:\\windows\\syswow64\\dwmapi.dll") Region: id = 427 start_va = 0x610000 end_va = 0x68ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 428 start_va = 0x690000 end_va = 0x695fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000690000" filename = "" Region: id = 429 start_va = 0x6a0000 end_va = 0x6a5fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006a0000" filename = "" Region: id = 430 start_va = 0x1f0000 end_va = 0x1f4fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "user32.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\user32.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\user32.dll.mui") Region: id = 431 start_va = 0x6b0000 end_va = 0x6b4fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006b0000" filename = "" Region: id = 432 start_va = 0x1ee0000 end_va = 0x1ee5fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001ee0000" filename = "" Region: id = 433 start_va = 0x71130000 end_va = 0x7133cfff monitored = 0 entry_point = 0x7121acb0 region_type = mapped_file name = "wininet.dll" filename = "\\Windows\\SysWOW64\\wininet.dll" (normalized: "c:\\windows\\syswow64\\wininet.dll") Region: id = 434 start_va = 0x74e30000 end_va = 0x74e74fff monitored = 0 entry_point = 0x74e4de90 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\SysWOW64\\shlwapi.dll" (normalized: "c:\\windows\\syswow64\\shlwapi.dll") Region: id = 435 start_va = 0x75ca0000 end_va = 0x7709efff monitored = 0 entry_point = 0x75e5b990 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\SysWOW64\\shell32.dll" (normalized: "c:\\windows\\syswow64\\shell32.dll") Region: id = 436 start_va = 0x758c0000 end_va = 0x758f6fff monitored = 0 entry_point = 0x758c3b50 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\SysWOW64\\cfgmgr32.dll" (normalized: "c:\\windows\\syswow64\\cfgmgr32.dll") Region: id = 437 start_va = 0x74f10000 end_va = 0x75408fff monitored = 0 entry_point = 0x75117610 region_type = mapped_file name = "windows.storage.dll" filename = "\\Windows\\SysWOW64\\windows.storage.dll" (normalized: "c:\\windows\\syswow64\\windows.storage.dll") Region: id = 438 start_va = 0x75a50000 end_va = 0x75acafff monitored = 0 entry_point = 0x75a6e970 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll") Region: id = 439 start_va = 0x75410000 end_va = 0x7541bfff monitored = 0 entry_point = 0x75413930 region_type = mapped_file name = "kernel.appcore.dll" filename = "\\Windows\\SysWOW64\\kernel.appcore.dll" (normalized: "c:\\windows\\syswow64\\kernel.appcore.dll") Region: id = 440 start_va = 0x77180000 end_va = 0x7720cfff monitored = 0 entry_point = 0x771c9b90 region_type = mapped_file name = "shcore.dll" filename = "\\Windows\\SysWOW64\\SHCore.dll" (normalized: "c:\\windows\\syswow64\\shcore.dll") Region: id = 441 start_va = 0x74d60000 end_va = 0x74da3fff monitored = 0 entry_point = 0x74d67410 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\SysWOW64\\powrprof.dll" (normalized: "c:\\windows\\syswow64\\powrprof.dll") Region: id = 442 start_va = 0x74f00000 end_va = 0x74f0efff monitored = 0 entry_point = 0x74f02e40 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\SysWOW64\\profapi.dll" (normalized: "c:\\windows\\syswow64\\profapi.dll") Region: id = 443 start_va = 0x20d0000 end_va = 0x220ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000020d0000" filename = "" Region: id = 444 start_va = 0x1fc0000 end_va = 0x20bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001fc0000" filename = "" Region: id = 445 start_va = 0x2210000 end_va = 0x2546fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 446 start_va = 0x736a0000 end_va = 0x7396afff monitored = 0 entry_point = 0x738dc4c0 region_type = mapped_file name = "iertutil.dll" filename = "\\Windows\\SysWOW64\\iertutil.dll" (normalized: "c:\\windows\\syswow64\\iertutil.dll") Region: id = 447 start_va = 0x6b0000 end_va = 0x6b0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000006b0000" filename = "" Region: id = 448 start_va = 0x74820000 end_va = 0x748b1fff monitored = 0 entry_point = 0x74858cf0 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\SysWOW64\\oleaut32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll") Region: id = 449 start_va = 0x20d0000 end_va = 0x21b9fff monitored = 0 entry_point = 0x210d650 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\SysWOW64\\ole32.dll" (normalized: "c:\\windows\\syswow64\\ole32.dll") Region: id = 450 start_va = 0x2200000 end_va = 0x220ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002200000" filename = "" Region: id = 451 start_va = 0x1ef0000 end_va = 0x1ef0fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "counters.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\INetCache\\counters.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\inetcache\\counters.dat") Region: id = 452 start_va = 0x74db0000 end_va = 0x74e0efff monitored = 0 entry_point = 0x74db4af0 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\SysWOW64\\ws2_32.dll" (normalized: "c:\\windows\\syswow64\\ws2_32.dll") Region: id = 453 start_va = 0x710e0000 end_va = 0x710f1fff monitored = 0 entry_point = 0x710e4510 region_type = mapped_file name = "ondemandconnroutehelper.dll" filename = "\\Windows\\SysWOW64\\OnDemandConnRouteHelper.dll" (normalized: "c:\\windows\\syswow64\\ondemandconnroutehelper.dll") Region: id = 454 start_va = 0x710b0000 end_va = 0x710defff monitored = 0 entry_point = 0x710bbb70 region_type = mapped_file name = "iphlpapi.dll" filename = "\\Windows\\SysWOW64\\IPHLPAPI.DLL" (normalized: "c:\\windows\\syswow64\\iphlpapi.dll") Region: id = 455 start_va = 0x71010000 end_va = 0x710aafff monitored = 0 entry_point = 0x7104f7e0 region_type = mapped_file name = "winhttp.dll" filename = "\\Windows\\SysWOW64\\winhttp.dll" (normalized: "c:\\windows\\syswow64\\winhttp.dll") Region: id = 456 start_va = 0x1f00000 end_va = 0x1f3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001f00000" filename = "" Region: id = 457 start_va = 0x20d0000 end_va = 0x21cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000020d0000" filename = "" Region: id = 458 start_va = 0x70fc0000 end_va = 0x7100efff monitored = 0 entry_point = 0x70fcd850 region_type = mapped_file name = "mswsock.dll" filename = "\\Windows\\SysWOW64\\mswsock.dll" (normalized: "c:\\windows\\syswow64\\mswsock.dll") Region: id = 459 start_va = 0x70fb0000 end_va = 0x70fb7fff monitored = 0 entry_point = 0x70fb1fc0 region_type = mapped_file name = "winnsi.dll" filename = "\\Windows\\SysWOW64\\winnsi.dll" (normalized: "c:\\windows\\syswow64\\winnsi.dll") Region: id = 460 start_va = 0x747b0000 end_va = 0x747b6fff monitored = 0 entry_point = 0x747b1e10 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\SysWOW64\\nsi.dll" (normalized: "c:\\windows\\syswow64\\nsi.dll") Region: id = 461 start_va = 0x1f40000 end_va = 0x1f7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001f40000" filename = "" Region: id = 462 start_va = 0x2550000 end_va = 0x264ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002550000" filename = "" Region: id = 463 start_va = 0x2650000 end_va = 0x268ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002650000" filename = "" Region: id = 464 start_va = 0x2690000 end_va = 0x278ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002690000" filename = "" Region: id = 465 start_va = 0x70aa0000 end_va = 0x70b23fff monitored = 0 entry_point = 0x70ac6530 region_type = mapped_file name = "dnsapi.dll" filename = "\\Windows\\SysWOW64\\dnsapi.dll" (normalized: "c:\\windows\\syswow64\\dnsapi.dll") Region: id = 466 start_va = 0x71340000 end_va = 0x714bdfff monitored = 0 entry_point = 0x713bc630 region_type = mapped_file name = "urlmon.dll" filename = "\\Windows\\SysWOW64\\urlmon.dll" (normalized: "c:\\windows\\syswow64\\urlmon.dll") Region: id = 467 start_va = 0x1f80000 end_va = 0x1f80fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001f80000" filename = "" Region: id = 468 start_va = 0x1f90000 end_va = 0x1f90fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001f90000" filename = "" Region: id = 469 start_va = 0x75700000 end_va = 0x75783fff monitored = 0 entry_point = 0x75726220 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\SysWOW64\\clbcatq.dll" (normalized: "c:\\windows\\syswow64\\clbcatq.dll") Region: id = 470 start_va = 0x1fa0000 end_va = 0x1fa0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001fa0000" filename = "" Region: id = 471 start_va = 0x2790000 end_va = 0x27cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002790000" filename = "" Region: id = 472 start_va = 0x27d0000 end_va = 0x28cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000027d0000" filename = "" Region: id = 473 start_va = 0x28d0000 end_va = 0x290ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000028d0000" filename = "" Region: id = 474 start_va = 0x2910000 end_va = 0x2a0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002910000" filename = "" Region: id = 627 start_va = 0x2a10000 end_va = 0x2a4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002a10000" filename = "" Region: id = 628 start_va = 0x2a50000 end_va = 0x2b4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002a50000" filename = "" Region: id = 629 start_va = 0x6f990000 end_va = 0x6f997fff monitored = 0 entry_point = 0x6f991920 region_type = mapped_file name = "rasadhlp.dll" filename = "\\Windows\\SysWOW64\\rasadhlp.dll" (normalized: "c:\\windows\\syswow64\\rasadhlp.dll") Region: id = 630 start_va = 0x6f940000 end_va = 0x6f986fff monitored = 0 entry_point = 0x6f9558d0 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\SysWOW64\\FWPUCLNT.DLL" (normalized: "c:\\windows\\syswow64\\fwpuclnt.dll") Region: id = 631 start_va = 0x71100000 end_va = 0x7111afff monitored = 0 entry_point = 0x71109050 region_type = mapped_file name = "bcrypt.dll" filename = "\\Windows\\SysWOW64\\bcrypt.dll" (normalized: "c:\\windows\\syswow64\\bcrypt.dll") Region: id = 632 start_va = 0x21d0000 end_va = 0x21d2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "mswsock.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\mswsock.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\mswsock.dll.mui") Region: id = 633 start_va = 0x21e0000 end_va = 0x21e7fff monitored = 0 entry_point = 0x21e19c0 region_type = mapped_file name = "wshqos.dll" filename = "\\Windows\\SysWOW64\\wshqos.dll" (normalized: "c:\\windows\\syswow64\\wshqos.dll") Region: id = 634 start_va = 0x21f0000 end_va = 0x21f0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wshqos.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\wshqos.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\wshqos.dll.mui") Region: id = 635 start_va = 0x21e0000 end_va = 0x21e7fff monitored = 0 entry_point = 0x21e19c0 region_type = mapped_file name = "wshqos.dll" filename = "\\Windows\\SysWOW64\\wshqos.dll" (normalized: "c:\\windows\\syswow64\\wshqos.dll") Region: id = 636 start_va = 0x21f0000 end_va = 0x21f0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wshqos.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\wshqos.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\wshqos.dll.mui") Region: id = 637 start_va = 0x21e0000 end_va = 0x21e7fff monitored = 0 entry_point = 0x21e19c0 region_type = mapped_file name = "wshqos.dll" filename = "\\Windows\\SysWOW64\\wshqos.dll" (normalized: "c:\\windows\\syswow64\\wshqos.dll") Region: id = 638 start_va = 0x21f0000 end_va = 0x21f0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wshqos.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\wshqos.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\wshqos.dll.mui") Region: id = 639 start_va = 0x21e0000 end_va = 0x21e7fff monitored = 0 entry_point = 0x21e19c0 region_type = mapped_file name = "wshqos.dll" filename = "\\Windows\\SysWOW64\\wshqos.dll" (normalized: "c:\\windows\\syswow64\\wshqos.dll") Region: id = 640 start_va = 0x21f0000 end_va = 0x21f0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wshqos.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\wshqos.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\wshqos.dll.mui") Thread: id = 8 os_tid = 0x1150 [0122.208] GetCommandLineA () returned="\"C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\asih.exe\" " [0122.208] GetModuleHandleA (lpModuleName=0x0) returned 0x500000 [0122.208] LoadIconA (hInstance=0x0, lpIconName=0x7f00) returned 0x10027 [0122.211] LoadCursorA (hInstance=0x0, lpCursorName=0x7f00) returned 0x10003 [0122.211] RegisterClassExA (param_1=0x505218) returned 0xc1db [0122.212] CreateWindowExA (dwExStyle=0x0, lpClassName="aroka", lpWindowName="wait", dwStyle=0x40000, X=-2680, Y=-6870, nWidth=542, nHeight=485, hWndParent=0x0, hMenu=0x0, hInstance=0x500000, lpParam=0x0) returned 0x0 [0122.281] NtdllDefWindowProc_A (hWnd=0x6025e, Msg=0x24, wParam=0x0, lParam=0x19fb04) returned 0x0 [0122.282] NtdllDefWindowProc_A (hWnd=0x6025e, Msg=0x81, wParam=0x0, lParam=0x19faf8) returned 0x1 [0122.287] NtdllDefWindowProc_A (hWnd=0x6025e, Msg=0x83, wParam=0x0, lParam=0x19fae4) returned 0x0 [0122.294] CreateWindowExA (dwExStyle=0x0, lpClassName="button", lpWindowName="turok", dwStyle=0x10000001, X=10, Y=10, nWidth=320, nHeight=40, hWndParent=0x6025e, hMenu=0x2, hInstance=0x500000, lpParam=0x0) returned 0x0 [0122.294] GetLastError () returned 0x579 [0122.294] SendMessageA (hWnd=0x6025e, Msg=0x111, wParam=0x0, lParam=0x37) returned 0x0 [0122.294] SendMessageA (hWnd=0x6025e, Msg=0x111, wParam=0x0, lParam=0x36) returned 0xffffffff [0122.294] CreateFileA (lpFileName="last.inf" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\last.inf"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0122.294] GetLastError () returned 0x2 [0122.294] CreateWindowExA (dwExStyle=0x0, lpClassName="edit", lpWindowName=0x0, dwStyle=0x40000000, X=10, Y=70, nWidth=500, nHeight=430, hWndParent=0x6025e, hMenu=0x1, hInstance=0x500000, lpParam=0x0) returned 0x7021e [0122.297] NtdllDefWindowProc_A (hWnd=0x6025e, Msg=0x210, wParam=0x10001, lParam=0x7021e) returned 0x0 [0122.297] CreateWindowExA (dwExStyle=0x0, lpClassName="edit", lpWindowName="turok", dwStyle=0x40000001, X=10, Y=380, nWidth=166, nHeight=34, hWndParent=0x1, hMenu=0x2, hInstance=0x500000, lpParam=0x0) returned 0x0 [0122.298] GetLastError () returned 0x578 [0122.298] lstrcpyA (in: lpString1=0x5052b8, lpString2="Romantic" | out: lpString1="Romantic") returned="Romantic" [0122.298] CreateFontIndirectA (lplf=0x50529c) returned 0x470a05ca [0122.298] SendMessageA (hWnd=0x6025e, Msg=0x111, wParam=0x505044, lParam=0x38) returned 0x0 [0122.298] MoveWindow (hWnd=0x6025e, X=-3700, Y=-3080, nWidth=540, nHeight=483, bRepaint=0) [0122.298] NtdllDefWindowProc_A (hWnd=0x6025e, Msg=0x46, wParam=0x0, lParam=0x19f894) returned 0x0 [0122.298] NtdllDefWindowProc_A (hWnd=0x6025e, Msg=0x24, wParam=0x0, lParam=0x19f554) returned 0x0 [0122.298] NtdllDefWindowProc_A (hWnd=0x6025e, Msg=0x83, wParam=0x1, lParam=0x19f86c) returned 0x0 [0122.300] NtdllDefWindowProc_A (hWnd=0x6025e, Msg=0x47, wParam=0x0, lParam=0x19f894) [0122.300] NtdllDefWindowProc_A (hWnd=0x6025e, Msg=0x3, wParam=0x0, lParam=0xf417f194) returned 0x0 [0122.300] SendMessageA (hWnd=0x6025e, Msg=0x111, wParam=0x505008, lParam=0x38) returned 0x0 [0122.300] GetWindowRect (in: hWnd=0x6025e, lpRect=0x19f3c0 | out: lpRect=0x19f3c0) returned 1 [0122.300] SendMessageA (hWnd=0x6025e, Msg=0x111, wParam=0x0, lParam=0x39) [0122.300] SendMessageA (hWnd=0x6025e, Msg=0x111, wParam=0x0, lParam=0x3a) [0122.300] SendMessageA (hWnd=0x6025e, Msg=0x111, wParam=0x0, lParam=0x3b) [0122.300] VirtualAlloc (lpAddress=0x400000, dwSize=0x6000, flAllocationType=0x2000, flProtect=0x1) returned 0x0 [0122.300] SendMessageA (hWnd=0x6025e, Msg=0x111, wParam=0x0, lParam=0x3c) [0122.301] VirtualAlloc (lpAddress=0x0, dwSize=0x6000, flAllocationType=0x2000, flProtect=0x1) returned 0x690000 [0122.301] SendMessageA (hWnd=0x6025e, Msg=0x111, wParam=0x0, lParam=0x3d) [0122.301] VirtualAlloc (lpAddress=0x0, dwSize=0x6000, flAllocationType=0x1000, flProtect=0x4) returned 0x6a0000 [0122.301] VirtualProtect (in: lpAddress=0x6a0000, dwSize=0x6000, flNewProtect=0x40, lpflOldProtect=0x50508e | out: lpflOldProtect=0x50508e*=0x4) returned 1 [0122.303] SendMessageA (hWnd=0x6025e, Msg=0x111, wParam=0x0, lParam=0x3e) [0122.303] SendMessageA (hWnd=0x6025e, Msg=0x111, wParam=0x0, lParam=0x579) [0122.304] SendMessageA (hWnd=0x6025e, Msg=0x111, wParam=0x5052ec, lParam=0x40) [0122.304] SendMessageA (hWnd=0x6025e, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0122.304] SendMessageA (hWnd=0x6025e, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0122.304] SendMessageA (hWnd=0x6025e, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0122.304] SendMessageA (hWnd=0x6025e, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0122.304] SendMessageA (hWnd=0x6025e, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0122.304] SendMessageA (hWnd=0x6025e, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0122.304] SendMessageA (hWnd=0x6025e, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0122.304] SendMessageA (hWnd=0x6025e, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0122.304] SendMessageA (hWnd=0x6025e, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0122.304] SendMessageA (hWnd=0x6025e, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0122.304] SendMessageA (hWnd=0x6025e, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0122.304] SendMessageA (hWnd=0x6025e, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0122.304] SendMessageA (hWnd=0x6025e, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0122.304] SendMessageA (hWnd=0x6025e, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0122.304] SendMessageA (hWnd=0x6025e, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0122.305] SendMessageA (hWnd=0x6025e, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0122.305] SendMessageA (hWnd=0x6025e, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0122.305] SendMessageA (hWnd=0x6025e, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0122.305] SendMessageA (hWnd=0x6025e, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0122.305] SendMessageA (hWnd=0x6025e, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0122.305] SendMessageA (hWnd=0x6025e, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0122.305] SendMessageA (hWnd=0x6025e, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0122.305] SendMessageA (hWnd=0x6025e, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0122.305] SendMessageA (hWnd=0x6025e, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0122.305] SendMessageA (hWnd=0x6025e, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0122.305] SendMessageA (hWnd=0x6025e, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0122.305] SendMessageA (hWnd=0x6025e, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0122.305] SendMessageA (hWnd=0x6025e, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0122.305] SendMessageA (hWnd=0x6025e, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0122.305] SendMessageA (hWnd=0x6025e, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0122.305] SendMessageA (hWnd=0x6025e, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0122.305] SendMessageA (hWnd=0x6025e, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0122.305] SendMessageA (hWnd=0x6025e, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0122.305] SendMessageA (hWnd=0x6025e, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0122.305] SendMessageA (hWnd=0x6025e, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0122.305] SendMessageA (hWnd=0x6025e, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0122.306] SendMessageA (hWnd=0x6025e, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0122.306] SendMessageA (hWnd=0x6025e, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0122.306] SendMessageA (hWnd=0x6025e, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0122.306] SendMessageA (hWnd=0x6025e, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0122.306] SendMessageA (hWnd=0x6025e, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0122.306] SendMessageA (hWnd=0x6025e, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0122.306] SendMessageA (hWnd=0x6025e, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0122.306] SendMessageA (hWnd=0x6025e, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0122.306] SendMessageA (hWnd=0x6025e, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0122.306] SendMessageA (hWnd=0x6025e, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0122.306] SendMessageA (hWnd=0x6025e, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0122.306] SendMessageA (hWnd=0x6025e, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0122.306] SendMessageA (hWnd=0x6025e, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0122.306] SendMessageA (hWnd=0x6025e, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0122.306] SendMessageA (hWnd=0x6025e, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0122.306] SendMessageA (hWnd=0x6025e, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0122.306] SendMessageA (hWnd=0x6025e, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0122.306] SendMessageA (hWnd=0x6025e, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0122.307] SendMessageA (hWnd=0x6025e, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0122.307] SendMessageA (hWnd=0x6025e, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0122.307] SendMessageA (hWnd=0x6025e, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0122.307] SendMessageA (hWnd=0x6025e, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0122.307] SendMessageA (hWnd=0x6025e, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0122.307] SendMessageA (hWnd=0x6025e, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0122.307] SendMessageA (hWnd=0x6025e, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0122.307] SendMessageA (hWnd=0x6025e, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0122.307] SendMessageA (hWnd=0x6025e, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0122.307] SendMessageA (hWnd=0x6025e, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0122.307] SendMessageA (hWnd=0x6025e, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0122.307] SendMessageA (hWnd=0x6025e, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0122.307] SendMessageA (hWnd=0x6025e, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0122.307] SendMessageA (hWnd=0x6025e, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0122.307] SendMessageA (hWnd=0x6025e, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0122.307] SendMessageA (hWnd=0x6025e, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0122.307] SendMessageA (hWnd=0x6025e, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0122.307] SendMessageA (hWnd=0x6025e, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0122.308] SendMessageA (hWnd=0x6025e, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0122.308] SendMessageA (hWnd=0x6025e, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0122.308] SendMessageA (hWnd=0x6025e, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0122.308] SendMessageA (hWnd=0x6025e, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0122.308] SendMessageA (hWnd=0x6025e, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0122.308] SendMessageA (hWnd=0x6025e, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0122.308] SendMessageA (hWnd=0x6025e, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0122.308] SendMessageA (hWnd=0x6025e, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0122.308] SendMessageA (hWnd=0x6025e, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0122.308] SendMessageA (hWnd=0x6025e, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0122.308] SendMessageA (hWnd=0x6025e, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0122.308] SendMessageA (hWnd=0x6025e, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0122.308] SendMessageA (hWnd=0x6025e, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0122.308] SendMessageA (hWnd=0x6025e, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0122.308] SendMessageA (hWnd=0x6025e, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0122.308] SendMessageA (hWnd=0x6025e, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0122.308] SendMessageA (hWnd=0x6025e, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0122.308] SendMessageA (hWnd=0x6025e, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0122.308] SendMessageA (hWnd=0x6025e, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0122.309] SendMessageA (hWnd=0x6025e, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0122.309] SendMessageA (hWnd=0x6025e, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0122.309] SendMessageA (hWnd=0x6025e, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0122.309] SendMessageA (hWnd=0x6025e, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0122.309] SendMessageA (hWnd=0x6025e, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0122.309] SendMessageA (hWnd=0x6025e, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0122.309] SendMessageA (hWnd=0x6025e, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0122.309] SendMessageA (hWnd=0x6025e, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0122.309] SendMessageA (hWnd=0x6025e, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0122.309] SendMessageA (hWnd=0x6025e, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0122.309] SendMessageA (hWnd=0x6025e, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0122.309] SendMessageA (hWnd=0x6025e, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0122.309] SendMessageA (hWnd=0x6025e, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0122.309] SendMessageA (hWnd=0x6025e, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0122.309] SendMessageA (hWnd=0x6025e, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0122.309] SendMessageA (hWnd=0x6025e, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0122.309] SendMessageA (hWnd=0x6025e, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0122.309] SendMessageA (hWnd=0x6025e, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0122.310] SendMessageA (hWnd=0x6025e, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0122.310] SendMessageA (hWnd=0x6025e, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0122.310] SendMessageA (hWnd=0x6025e, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0122.310] SendMessageA (hWnd=0x6025e, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0122.310] SendMessageA (hWnd=0x6025e, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0122.310] SendMessageA (hWnd=0x6025e, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0122.310] SendMessageA (hWnd=0x6025e, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0122.310] SendMessageA (hWnd=0x6025e, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0122.310] SendMessageA (hWnd=0x6025e, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0122.310] SendMessageA (hWnd=0x6025e, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0122.310] SendMessageA (hWnd=0x6025e, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0122.310] SendMessageA (hWnd=0x6025e, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0122.310] SendMessageA (hWnd=0x6025e, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0122.310] SendMessageA (hWnd=0x6025e, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0122.310] SendMessageA (hWnd=0x6025e, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0122.310] SendMessageA (hWnd=0x6025e, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0122.310] SendMessageA (hWnd=0x6025e, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0122.310] SendMessageA (hWnd=0x6025e, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0122.310] SendMessageA (hWnd=0x6025e, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0122.311] SendMessageA (hWnd=0x6025e, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0122.311] SendMessageA (hWnd=0x6025e, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0122.311] SendMessageA (hWnd=0x6025e, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0122.311] SendMessageA (hWnd=0x6025e, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0122.311] SendMessageA (hWnd=0x6025e, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0122.311] SendMessageA (hWnd=0x6025e, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0122.311] SendMessageA (hWnd=0x6025e, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0122.311] SendMessageA (hWnd=0x6025e, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0122.311] SendMessageA (hWnd=0x6025e, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0122.311] SendMessageA (hWnd=0x6025e, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0122.311] SendMessageA (hWnd=0x6025e, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0122.311] SendMessageA (hWnd=0x6025e, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0122.311] SendMessageA (hWnd=0x6025e, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0122.311] SendMessageA (hWnd=0x6025e, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0122.311] SendMessageA (hWnd=0x6025e, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0122.311] SendMessageA (hWnd=0x6025e, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0122.311] SendMessageA (hWnd=0x6025e, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0122.311] SendMessageA (hWnd=0x6025e, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0122.311] SendMessageA (hWnd=0x6025e, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0122.311] SendMessageA (hWnd=0x6025e, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0122.312] SendMessageA (hWnd=0x6025e, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0122.312] SendMessageA (hWnd=0x6025e, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0122.312] SendMessageA (hWnd=0x6025e, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0122.312] SendMessageA (hWnd=0x6025e, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0122.312] SendMessageA (hWnd=0x6025e, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0122.312] SendMessageA (hWnd=0x6025e, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0122.312] SendMessageA (hWnd=0x6025e, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0122.312] SendMessageA (hWnd=0x6025e, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0122.312] SendMessageA (hWnd=0x6025e, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0122.312] SendMessageA (hWnd=0x6025e, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0122.312] SendMessageA (hWnd=0x6025e, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0122.312] SendMessageA (hWnd=0x6025e, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0122.312] SendMessageA (hWnd=0x6025e, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0122.312] SendMessageA (hWnd=0x6025e, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0122.312] SendMessageA (hWnd=0x6025e, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0122.312] SendMessageA (hWnd=0x6025e, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0122.312] SendMessageA (hWnd=0x6025e, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0122.312] SendMessageA (hWnd=0x6025e, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0122.312] SendMessageA (hWnd=0x6025e, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0122.313] SendMessageA (hWnd=0x6025e, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0122.313] SendMessageA (hWnd=0x6025e, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0122.313] SendMessageA (hWnd=0x6025e, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0122.313] SendMessageA (hWnd=0x6025e, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0122.313] SendMessageA (hWnd=0x6025e, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0122.313] SendMessageA (hWnd=0x6025e, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0122.313] SendMessageA (hWnd=0x6025e, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0122.313] SendMessageA (hWnd=0x6025e, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0122.313] SendMessageA (hWnd=0x6025e, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0122.313] SendMessageA (hWnd=0x6025e, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0122.313] SendMessageA (hWnd=0x6025e, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0122.313] SendMessageA (hWnd=0x6025e, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0122.313] SendMessageA (hWnd=0x6025e, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0122.313] SendMessageA (hWnd=0x6025e, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0122.314] SendMessageA (hWnd=0x6025e, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0122.314] SendMessageA (hWnd=0x6025e, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0122.314] SendMessageA (hWnd=0x6025e, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0122.314] SendMessageA (hWnd=0x6025e, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0122.314] SendMessageA (hWnd=0x6025e, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0122.314] SendMessageA (hWnd=0x6025e, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0122.314] SendMessageA (hWnd=0x6025e, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0122.314] SendMessageA (hWnd=0x6025e, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0122.314] SendMessageA (hWnd=0x6025e, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0122.314] SendMessageA (hWnd=0x6025e, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0122.314] SendMessageA (hWnd=0x6025e, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0122.314] SendMessageA (hWnd=0x6025e, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0122.314] SendMessageA (hWnd=0x6025e, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0122.314] SendMessageA (hWnd=0x6025e, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0122.314] SendMessageA (hWnd=0x6025e, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0122.314] SendMessageA (hWnd=0x6025e, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0122.314] SendMessageA (hWnd=0x6025e, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0122.314] SendMessageA (hWnd=0x6025e, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0122.314] SendMessageA (hWnd=0x6025e, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0122.314] SendMessageA (hWnd=0x6025e, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0122.315] SendMessageA (hWnd=0x6025e, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0122.315] SendMessageA (hWnd=0x6025e, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0122.315] SendMessageA (hWnd=0x6025e, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0122.315] SendMessageA (hWnd=0x6025e, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0122.315] SendMessageA (hWnd=0x6025e, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0122.315] SendMessageA (hWnd=0x6025e, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0122.315] SendMessageA (hWnd=0x6025e, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0122.315] SendMessageA (hWnd=0x6025e, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0122.315] SendMessageA (hWnd=0x6025e, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0122.315] SendMessageA (hWnd=0x6025e, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0122.315] SendMessageA (hWnd=0x6025e, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0122.315] SendMessageA (hWnd=0x6025e, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0122.315] SendMessageA (hWnd=0x6025e, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0122.315] SendMessageA (hWnd=0x6025e, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0122.315] SendMessageA (hWnd=0x6025e, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0122.315] SendMessageA (hWnd=0x6025e, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0122.315] SendMessageA (hWnd=0x6025e, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0122.315] SendMessageA (hWnd=0x6025e, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0122.315] SendMessageA (hWnd=0x6025e, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0122.315] SendMessageA (hWnd=0x6025e, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0122.316] SendMessageA (hWnd=0x6025e, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0122.316] SendMessageA (hWnd=0x6025e, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0122.316] SendMessageA (hWnd=0x6025e, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0122.316] SendMessageA (hWnd=0x6025e, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0122.316] SendMessageA (hWnd=0x6025e, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0122.316] SendMessageA (hWnd=0x6025e, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0122.316] SendMessageA (hWnd=0x6025e, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0122.316] SendMessageA (hWnd=0x6025e, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0122.316] SendMessageA (hWnd=0x6025e, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0122.316] SendMessageA (hWnd=0x6025e, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0122.316] SendMessageA (hWnd=0x6025e, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0122.316] SendMessageA (hWnd=0x6025e, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0122.316] SendMessageA (hWnd=0x6025e, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0122.316] SendMessageA (hWnd=0x6025e, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0122.316] SendMessageA (hWnd=0x6025e, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0122.316] SendMessageA (hWnd=0x6025e, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0122.316] SendMessageA (hWnd=0x6025e, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0122.316] SendMessageA (hWnd=0x6025e, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0122.316] SendMessageA (hWnd=0x6025e, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0122.317] SendMessageA (hWnd=0x6025e, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0122.317] SendMessageA (hWnd=0x6025e, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0122.317] SendMessageA (hWnd=0x6025e, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0122.317] SendMessageA (hWnd=0x6025e, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0122.317] SendMessageA (hWnd=0x6025e, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0122.317] SendMessageA (hWnd=0x6025e, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0122.317] SendMessageA (hWnd=0x6025e, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0122.317] SendMessageA (hWnd=0x6025e, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0122.317] DestroyWindow (hWnd=0x6025e) [0122.317] NtdllDefWindowProc_A (hWnd=0x6025e, Msg=0x90, wParam=0x0, lParam=0x0) returned 0x0 [0122.319] PostQuitMessage (nExitCode=6) [0122.322] NtdllDefWindowProc_A (hWnd=0x6025e, Msg=0x82, wParam=0x0, lParam=0x0) returned 0x0 [0122.330] ShowWindow (hWnd=0x0, nCmdShow=5) returned 0 [0122.330] UpdateWindow (hWnd=0x0) returned 0 [0122.330] GetMessageA (in: lpMsg=0x505248, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x505248) returned 0 [0122.332] VirtualAlloc (lpAddress=0x0, dwSize=0x48e4, flAllocationType=0x1000, flProtect=0x4) returned 0x6b0000 [0122.333] UnmapViewOfFile (lpBaseAddress=0x0) returned 0 [0122.333] VirtualAlloc (lpAddress=0x0, dwSize=0x6000, flAllocationType=0x2000, flProtect=0x1) returned 0x1ee0000 [0122.333] VirtualAlloc (lpAddress=0x1ee0000, dwSize=0x1000, flAllocationType=0x1000, flProtect=0x4) returned 0x1ee0000 [0122.333] VirtualAlloc (lpAddress=0x1ee1000, dwSize=0x1000, flAllocationType=0x1000, flProtect=0x4) returned 0x1ee1000 [0122.334] VirtualAlloc (lpAddress=0x1ee2000, dwSize=0x1000, flAllocationType=0x1000, flProtect=0x4) returned 0x1ee2000 [0122.334] VirtualAlloc (lpAddress=0x1ee3000, dwSize=0x1000, flAllocationType=0x1000, flProtect=0x4) returned 0x1ee3000 [0122.334] VirtualAlloc (lpAddress=0x1ee4000, dwSize=0x1000, flAllocationType=0x1000, flProtect=0x4) returned 0x1ee4000 [0122.334] VirtualAlloc (lpAddress=0x1ee5000, dwSize=0x1000, flAllocationType=0x1000, flProtect=0x4) returned 0x1ee5000 [0122.335] LoadLibraryA (lpLibFileName="WININET.dll") returned 0x71130000 [0122.346] GetProcAddress (hModule=0x71130000, lpProcName="HttpSendRequestW") returned 0x711f6ef0 [0122.346] GetProcAddress (hModule=0x71130000, lpProcName="InternetSetOptionW") returned 0x711fda70 [0122.347] GetProcAddress (hModule=0x71130000, lpProcName="InternetQueryOptionW") returned 0x711fcd20 [0122.347] GetProcAddress (hModule=0x71130000, lpProcName="HttpOpenRequestW") returned 0x711b0fd0 [0122.347] GetProcAddress (hModule=0x71130000, lpProcName="HttpQueryInfoW") returned 0x711ff060 [0122.347] GetProcAddress (hModule=0x71130000, lpProcName="InternetReadFile") returned 0x711b7320 [0122.347] GetProcAddress (hModule=0x71130000, lpProcName="InternetConnectW") returned 0x711e45f0 [0122.347] GetProcAddress (hModule=0x71130000, lpProcName="InternetOpenW") returned 0x711f8490 [0122.347] LoadLibraryA (lpLibFileName="KERNEL32.dll") returned 0x770a0000 [0122.348] GetProcAddress (hModule=0x770a0000, lpProcName="GetTempPathW") returned 0x770c6b30 [0122.348] GetProcAddress (hModule=0x770a0000, lpProcName="GetFileSize") returned 0x770c6a70 [0122.348] GetProcAddress (hModule=0x770a0000, lpProcName="GetCurrentDirectoryW") returned 0x770ba9a0 [0122.348] GetProcAddress (hModule=0x770a0000, lpProcName="DeleteFileW") returned 0x770c68c0 [0122.348] GetProcAddress (hModule=0x770a0000, lpProcName="CloseHandle") returned 0x770c6630 [0122.348] GetProcAddress (hModule=0x770a0000, lpProcName="WriteFile") returned 0x770c6ca0 [0122.348] GetProcAddress (hModule=0x770a0000, lpProcName="lstrcmpW") returned 0x770b7970 [0122.348] GetProcAddress (hModule=0x770a0000, lpProcName="ReadFile") returned 0x770c6bb0 [0122.349] GetProcAddress (hModule=0x770a0000, lpProcName="GetModuleHandleW") returned 0x770b9bc0 [0122.349] GetProcAddress (hModule=0x770a0000, lpProcName="ExitProcess") returned 0x770c7b30 [0122.349] GetProcAddress (hModule=0x770a0000, lpProcName="HeapCreate") returned 0x770ba100 [0122.349] GetProcAddress (hModule=0x770a0000, lpProcName="HeapAlloc") returned 0x77252bd0 [0122.349] GetProcAddress (hModule=0x770a0000, lpProcName="GetModuleFileNameW") returned 0x770b9b00 [0122.349] GetProcAddress (hModule=0x770a0000, lpProcName="CreateFileW") returned 0x770c6890 [0122.349] GetProcAddress (hModule=0x770a0000, lpProcName="lstrlenW") returned 0x770b3690 [0122.349] LoadLibraryA (lpLibFileName="USER32.dll") returned 0x74c10000 [0122.350] GetProcAddress (hModule=0x74c10000, lpProcName="wsprintfW") returned 0x74c3f890 [0122.350] LoadLibraryA (lpLibFileName="SHELL32.dll") returned 0x75ca0000 [0122.452] GetProcAddress (hModule=0x75ca0000, lpProcName="ShellExecuteW") returned 0x75e3d9f0 [0122.452] VirtualProtect (in: lpAddress=0x1ee0000, dwSize=0x1000, flNewProtect=0x2, lpflOldProtect=0x19ff1c | out: lpflOldProtect=0x19ff1c*=0x4) returned 1 [0122.453] VirtualProtect (in: lpAddress=0x1ee1000, dwSize=0x1000, flNewProtect=0x20, lpflOldProtect=0x19fea0 | out: lpflOldProtect=0x19fea0*=0x4) returned 1 [0122.454] VirtualProtect (in: lpAddress=0x1ee2000, dwSize=0x1000, flNewProtect=0x20, lpflOldProtect=0x19fea0 | out: lpflOldProtect=0x19fea0*=0x4) returned 1 [0122.454] VirtualProtect (in: lpAddress=0x1ee3000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x19fea0 | out: lpflOldProtect=0x19fea0*=0x4) returned 1 [0122.454] VirtualProtect (in: lpAddress=0x1ee4000, dwSize=0x1000, flNewProtect=0x20, lpflOldProtect=0x19fea0 | out: lpflOldProtect=0x19fea0*=0x4) returned 1 [0122.455] VirtualProtect (in: lpAddress=0x1ee5000, dwSize=0x1000, flNewProtect=0x20, lpflOldProtect=0x19fea0 | out: lpflOldProtect=0x19fea0*=0x4) returned 1 [0122.455] VirtualFree (lpAddress=0x6b0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0122.457] GetModuleHandleW (lpModuleName=0x0) returned 0x1ee0000 [0122.457] HeapCreate (flOptions=0x0, dwInitialSize=0x2000, dwMaximumSize=0x0) returned 0x2200000 [0122.458] RtlAllocateHeap (HeapHandle=0x2200000, Flags=0x8, Size=0x2000) returned 0x22005a8 [0122.458] RtlAllocateHeap (HeapHandle=0x2200000, Flags=0x8, Size=0x2000) returned 0x22025b0 [0122.458] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x22005a8, nSize=0x2000 | out: lpFilename="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\asih.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\asih.exe")) returned 0x2d [0122.458] GetTempPathW (in: nBufferLength=0x1000, lpBuffer=0x22025b0 | out: lpBuffer="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\") returned 0x25 [0122.458] wsprintfW (in: param_1=0x22025b0, param_2="%s%s" | out: param_1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\asih.exe") returned 45 [0122.458] CreateFileW (lpFileName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\asih.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\asih.exe"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x190 [0122.458] GetFileSize (in: hFile=0x190, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xba2a [0122.458] lstrlenW (lpString="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\asih.exe") returned 45 [0122.458] RtlAllocateHeap (HeapHandle=0x2200000, Flags=0x8, Size=0xba88) returned 0x1fc0048 [0122.459] ReadFile (in: hFile=0x190, lpBuffer=0x1fc0048, nNumberOfBytesToRead=0xba2a, lpNumberOfBytesRead=0x19ff74, lpOverlapped=0x0 | out: lpBuffer=0x1fc0048*, lpNumberOfBytesRead=0x19ff74*=0xba2a, lpOverlapped=0x0) returned 1 [0122.460] lstrcmpW (lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\asih.exe", lpString2="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\asih.exe") returned 0 [0122.464] CloseHandle (hObject=0x190) returned 1 [0122.465] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0122.465] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0122.465] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0122.465] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0122.465] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0122.465] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0122.465] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0122.466] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0122.466] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0122.466] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0122.466] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0122.466] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0122.466] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0122.466] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0122.466] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0122.466] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0122.466] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0122.466] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0122.466] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0122.467] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0122.467] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0122.467] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0122.467] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0122.467] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0122.467] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0122.467] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0122.467] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0122.467] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0122.467] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0122.467] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0122.467] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0122.467] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0122.468] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0122.468] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0122.468] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0122.468] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0122.468] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0122.468] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0122.468] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0122.468] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0122.468] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0122.468] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0122.468] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0122.469] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0122.469] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0122.469] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0122.469] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0122.469] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0122.469] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0122.469] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0122.469] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0122.469] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0122.469] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0122.470] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0122.470] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0122.470] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0122.470] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0122.470] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0122.497] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0122.497] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0122.498] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0122.498] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0122.498] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0122.498] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0122.498] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0122.498] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0122.498] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0122.498] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0122.498] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0122.498] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0122.498] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0122.498] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0122.499] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0122.499] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0122.499] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0122.499] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0122.499] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0122.499] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0122.499] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0122.499] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0122.499] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0122.499] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0122.499] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0122.500] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0122.500] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0122.500] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0122.500] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0122.500] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0122.500] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0122.500] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0122.500] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0122.500] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0122.500] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0122.500] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0122.500] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0122.501] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0122.501] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0122.501] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0122.501] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0122.501] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0122.501] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0122.501] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0122.501] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0122.501] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0122.502] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0122.502] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0122.502] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0122.502] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0122.502] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0122.502] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0122.502] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0122.502] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0122.502] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0122.502] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0122.502] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0122.502] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0122.503] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0122.503] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0122.503] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0122.503] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0122.503] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0122.503] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0122.503] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0122.503] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0122.503] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0122.503] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0122.503] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0122.503] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0122.504] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0122.504] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0122.504] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0122.504] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0122.504] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0122.504] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0122.504] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0122.504] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0122.504] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0122.504] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0122.504] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0122.505] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0122.505] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0122.505] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0122.505] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0122.505] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0122.505] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0122.505] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0122.505] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0122.505] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0122.505] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0122.505] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0122.505] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0122.506] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0122.506] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0122.506] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0122.506] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0122.506] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0122.506] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0122.506] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0122.506] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0122.506] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0122.506] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0122.506] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0122.506] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0122.507] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0122.507] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0122.507] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0122.507] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0122.507] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0122.507] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0122.507] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0122.507] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0122.507] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0122.507] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0122.507] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0122.507] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0122.507] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0122.508] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0122.508] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0122.508] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0122.508] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0122.508] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0122.508] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0122.508] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0122.508] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0122.508] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0122.508] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0122.508] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0122.508] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0122.509] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0122.509] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0122.509] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0122.509] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0122.509] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0122.509] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0122.509] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0122.509] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0122.509] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0122.509] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0122.509] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0122.510] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0122.510] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0122.510] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0122.510] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0122.510] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0122.510] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0122.510] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0122.510] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0122.510] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0122.510] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0122.510] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0122.510] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0122.511] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0122.511] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0122.511] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0122.511] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0122.511] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0122.511] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0122.511] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0122.511] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0122.511] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0122.511] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0122.511] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0122.511] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0122.511] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0122.512] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0122.512] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0122.512] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0122.512] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0122.512] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0122.512] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0122.512] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0122.512] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0122.512] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0122.512] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0122.512] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0122.512] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0122.513] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0122.513] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0122.513] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0122.513] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0122.513] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0122.513] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0122.513] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0122.513] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0122.513] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0122.513] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0122.513] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0122.513] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0122.514] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0122.793] InternetOpenW (lpszAgent="Updates downloader", dwAccessType=0x0, lpszProxy=0x0, lpszProxyBypass=0x0, dwFlags=0x0) returned 0xcc0004 [0122.896] InternetConnectW (hInternet=0xcc0004, lpszServerName="emrlogistics.com", nServerPort=0x1bb, lpszUserName=0x0, lpszPassword=0x0, dwService=0x3, dwFlags=0x0, dwContext=0x0) returned 0xcc0008 [0122.897] HttpOpenRequestW (hConnect=0xcc0008, lpszVerb=0x0, lpszObjectName="/fr/to2.exe", lpszVersion=0x0, lpszReferrer=0x0, lplpszAcceptTypes=0x19ff58*="text/*", dwFlags=0x80803000, dwContext=0x0) returned 0xcc000c [0122.898] InternetQueryOptionW (in: hInternet=0xcc000c, dwOption=0x1f, lpBuffer=0x19ff6c, lpdwBufferLength=0x19ff64 | out: lpBuffer=0x19ff6c, lpdwBufferLength=0x19ff64) returned 1 [0122.898] InternetSetOptionW (hInternet=0xcc000c, dwOption=0x1f, lpBuffer=0x19ff6c*, dwBufferLength=0x4) returned 1 [0122.899] HttpSendRequestW (hRequest=0xcc000c, lpszHeaders=0x0, dwHeadersLength=0x0, lpOptional=0x0*, dwOptionalLength=0x0) returned 0 [0167.127] HttpSendRequestW (hRequest=0xcc000c, lpszHeaders=0x0, dwHeadersLength=0x0, lpOptional=0x0*, dwOptionalLength=0x0) returned 0 [0209.452] HttpSendRequestW (hRequest=0xcc000c, lpszHeaders=0x0, dwHeadersLength=0x0, lpOptional=0x0*, dwOptionalLength=0x0) returned 0 [0251.575] HttpSendRequestW (hRequest=0xcc000c, lpszHeaders=0x0, dwHeadersLength=0x0, lpOptional=0x0*, dwOptionalLength=0x0) returned 0 [0293.628] HttpSendRequestW (hRequest=0xcc000c, lpszHeaders=0x0, dwHeadersLength=0x0, lpOptional=0x0*, dwOptionalLength=0x0) returned 0 [0335.796] HttpSendRequestW (hRequest=0xcc000c, lpszHeaders=0x0, dwHeadersLength=0x0, lpOptional=0x0*, dwOptionalLength=0x0) Thread: id = 9 os_tid = 0x1154 Thread: id = 10 os_tid = 0x1140 Thread: id = 11 os_tid = 0x1204 Thread: id = 12 os_tid = 0x120c Thread: id = 13 os_tid = 0x1208 Thread: id = 14 os_tid = 0x1200 Thread: id = 21 os_tid = 0x11f8 Process: id = "3" image_name = "dllhost.exe" filename = "c:\\windows\\system32\\dllhost.exe" page_root = "0x2172a000" os_pid = "0x99c" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "rpc_server" parent_id = "2" os_parent_pid = "0x274" cmd_line = "C:\\Windows\\system32\\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}" cur_dir = "C:\\Windows\\system32\\" os_username = "XC64ZB\\RDhJ0CNFevzX" bitness = "32" os_groups = "XC64ZB\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000ebd3" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 475 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 476 start_va = 0xa8ce680000 end_va = 0xa8ce77ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000a8ce680000" filename = "" Region: id = 477 start_va = 0xa8ce800000 end_va = 0xa8ce9fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000a8ce800000" filename = "" Region: id = 478 start_va = 0xa8ceb00000 end_va = 0xa8cebfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000a8ceb00000" filename = "" Region: id = 479 start_va = 0xa8cee00000 end_va = 0xa8ceefffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000a8cee00000" filename = "" Region: id = 480 start_va = 0xa8cf000000 end_va = 0xa8cf0fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000a8cf000000" filename = "" Region: id = 481 start_va = 0xa8cf100000 end_va = 0xa8cf1fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000a8cf100000" filename = "" Region: id = 482 start_va = 0xa8cf200000 end_va = 0xa8cf2fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000a8cf200000" filename = "" Region: id = 483 start_va = 0x1cd529b0000 end_va = 0x1cd529bffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001cd529b0000" filename = "" Region: id = 484 start_va = 0x1cd529c0000 end_va = 0x1cd529c6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001cd529c0000" filename = "" Region: id = 485 start_va = 0x1cd529d0000 end_va = 0x1cd529e4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001cd529d0000" filename = "" Region: id = 486 start_va = 0x1cd529f0000 end_va = 0x1cd529f3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001cd529f0000" filename = "" Region: id = 487 start_va = 0x1cd52a00000 end_va = 0x1cd52a01fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001cd52a00000" filename = "" Region: id = 488 start_va = 0x1cd52a10000 end_va = 0x1cd52acdfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 489 start_va = 0x1cd52ad0000 end_va = 0x1cd52ad0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001cd52ad0000" filename = "" Region: id = 490 start_va = 0x1cd52ae0000 end_va = 0x1cd52ae6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001cd52ae0000" filename = "" Region: id = 491 start_va = 0x1cd52af0000 end_va = 0x1cd52af0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001cd52af0000" filename = "" Region: id = 492 start_va = 0x1cd52b00000 end_va = 0x1cd52b00fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001cd52b00000" filename = "" Region: id = 493 start_va = 0x1cd52b10000 end_va = 0x1cd52b10fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001cd52b10000" filename = "" Region: id = 494 start_va = 0x1cd52b20000 end_va = 0x1cd52b20fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001cd52b20000" filename = "" Region: id = 495 start_va = 0x1cd52b30000 end_va = 0x1cd52b30fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001cd52b30000" filename = "" Region: id = 496 start_va = 0x1cd52b40000 end_va = 0x1cd52b40fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001cd52b40000" filename = "" Region: id = 497 start_va = 0x1cd52b50000 end_va = 0x1cd52b5ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001cd52b50000" filename = "" Region: id = 498 start_va = 0x1cd52b60000 end_va = 0x1cd52b6ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001cd52b60000" filename = "" Region: id = 499 start_va = 0x1cd52b70000 end_va = 0x1cd52b7ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001cd52b70000" filename = "" Region: id = 500 start_va = 0x1cd52b80000 end_va = 0x1cd52b8ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001cd52b80000" filename = "" Region: id = 501 start_va = 0x1cd52b90000 end_va = 0x1cd52b9ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001cd52b90000" filename = "" Region: id = 502 start_va = 0x1cd52ba0000 end_va = 0x1cd52baffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001cd52ba0000" filename = "" Region: id = 503 start_va = 0x1cd52bb0000 end_va = 0x1cd52bb7fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001cd52bb0000" filename = "" Region: id = 504 start_va = 0x1cd52bc0000 end_va = 0x1cd52bcffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001cd52bc0000" filename = "" Region: id = 505 start_va = 0x1cd52bd0000 end_va = 0x1cd52bd0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001cd52bd0000" filename = "" Region: id = 506 start_va = 0x1cd52be0000 end_va = 0x1cd52cdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001cd52be0000" filename = "" Region: id = 507 start_va = 0x1cd52ce0000 end_va = 0x1cd52ddffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001cd52ce0000" filename = "" Region: id = 508 start_va = 0x1cd52de0000 end_va = 0x1cd52deffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001cd52de0000" filename = "" Region: id = 509 start_va = 0x1cd52df0000 end_va = 0x1cd52dfffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001cd52df0000" filename = "" Region: id = 510 start_va = 0x1cd52e00000 end_va = 0x1cd52e0ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001cd52e00000" filename = "" Region: id = 511 start_va = 0x1cd52e10000 end_va = 0x1cd52e1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001cd52e10000" filename = "" Region: id = 512 start_va = 0x1cd52e20000 end_va = 0x1cd52e2ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001cd52e20000" filename = "" Region: id = 513 start_va = 0x1cd52e30000 end_va = 0x1cd52e3ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001cd52e30000" filename = "" Region: id = 514 start_va = 0x1cd52e40000 end_va = 0x1cd52e40fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001cd52e40000" filename = "" Region: id = 515 start_va = 0x1cd52e50000 end_va = 0x1cd52e53fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001cd52e50000" filename = "" Region: id = 516 start_va = 0x1cd52e60000 end_va = 0x1cd52e6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001cd52e60000" filename = "" Region: id = 517 start_va = 0x1cd52e70000 end_va = 0x1cd52ff7fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001cd52e70000" filename = "" Region: id = 518 start_va = 0x1cd53000000 end_va = 0x1cd53180fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001cd53000000" filename = "" Region: id = 519 start_va = 0x1cd53190000 end_va = 0x1cd5458ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001cd53190000" filename = "" Region: id = 520 start_va = 0x1cd54590000 end_va = 0x1cd548c6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 521 start_va = 0x1cd548d0000 end_va = 0x1cd558cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001cd548d0000" filename = "" Region: id = 522 start_va = 0x1cd558d0000 end_va = 0x1cd558d1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001cd558d0000" filename = "" Region: id = 523 start_va = 0x1cd558e0000 end_va = 0x1cd558e0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001cd558e0000" filename = "" Region: id = 524 start_va = 0x1cd558f0000 end_va = 0x1cd5597ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001cd558f0000" filename = "" Region: id = 525 start_va = 0x1cd55980000 end_va = 0x1cd55987fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001cd55980000" filename = "" Region: id = 526 start_va = 0x1cd55990000 end_va = 0x1cd55991fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001cd55990000" filename = "" Region: id = 527 start_va = 0x1cd559a0000 end_va = 0x1cd55a9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001cd559a0000" filename = "" Region: id = 528 start_va = 0x1cd55aa0000 end_va = 0x1cd55aaffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 529 start_va = 0x1cd55ab0000 end_va = 0x1cd55abffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 530 start_va = 0x1cd55ac0000 end_va = 0x1cd55acffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 531 start_va = 0x1cd55ad0000 end_va = 0x1cd55adffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 532 start_va = 0x1cd55af0000 end_va = 0x1cd55afffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 533 start_va = 0x1cd55b00000 end_va = 0x1cd55b0ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 534 start_va = 0x1cd55b10000 end_va = 0x1cd55b1ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 535 start_va = 0x1cd55b20000 end_va = 0x1cd55b2ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 536 start_va = 0x1cd55b30000 end_va = 0x1cd55b3ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 537 start_va = 0x1cd55b40000 end_va = 0x1cd55b4ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 538 start_va = 0x1cd55b50000 end_va = 0x1cd55b5ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 539 start_va = 0x1cd55b60000 end_va = 0x1cd55b6ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 540 start_va = 0x1cd55b70000 end_va = 0x1cd55b7ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 541 start_va = 0x1cd55b80000 end_va = 0x1cd55b8ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 542 start_va = 0x1cd55b90000 end_va = 0x1cd55b9ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 543 start_va = 0x1cd55ba0000 end_va = 0x1cd55ba7fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001cd55ba0000" filename = "" Region: id = 544 start_va = 0x1cd55bb0000 end_va = 0x1cd55bbffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 545 start_va = 0x1cd55bc0000 end_va = 0x1cd55bcffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 546 start_va = 0x1cd55bd0000 end_va = 0x1cd55bdffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 547 start_va = 0x1cd55be0000 end_va = 0x1cd55beffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 548 start_va = 0x1cd55bf0000 end_va = 0x1cd55bf7fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001cd55bf0000" filename = "" Region: id = 549 start_va = 0x1cd55c00000 end_va = 0x1cd55c0ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 550 start_va = 0x1cd55c20000 end_va = 0x1cd55c2ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001cd55c20000" filename = "" Region: id = 551 start_va = 0x1cd55c30000 end_va = 0x1cd55c3ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 552 start_va = 0x1cd55c40000 end_va = 0x1cd55c4ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 553 start_va = 0x1cd55c50000 end_va = 0x1cd55c5ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 554 start_va = 0x1cd55c60000 end_va = 0x1cd55c6ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 555 start_va = 0x1cd55c70000 end_va = 0x1cd55c7ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 556 start_va = 0x1cd55c80000 end_va = 0x1cd55c8ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 557 start_va = 0x1cd55c90000 end_va = 0x1cd55c9ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 558 start_va = 0x1cd55ca0000 end_va = 0x1cd55caffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 559 start_va = 0x1cd55cb0000 end_va = 0x1cd55cbffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001cd55cb0000" filename = "" Region: id = 560 start_va = 0x1cd55cc0000 end_va = 0x1cd55ccffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 561 start_va = 0x1cd55cd0000 end_va = 0x1cd55cdffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 562 start_va = 0x1cd55ce0000 end_va = 0x1cd55ceffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 563 start_va = 0x1cd55cf0000 end_va = 0x1cd55cfffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 564 start_va = 0x1cd55d00000 end_va = 0x1cd55d0ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 565 start_va = 0x1cd55d10000 end_va = 0x1cd55d1ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 566 start_va = 0x1cd55d20000 end_va = 0x1cd55d2ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 567 start_va = 0x1cd55d30000 end_va = 0x1cd55d3ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 568 start_va = 0x1cd55d40000 end_va = 0x1cd55d4ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 569 start_va = 0x1cd55d50000 end_va = 0x1cd55d5ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 570 start_va = 0x1cd55d60000 end_va = 0x1cd55d6ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 571 start_va = 0x1cd55d70000 end_va = 0x1cd55d7ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 572 start_va = 0x1cd55d80000 end_va = 0x1cd55d8ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 573 start_va = 0x1cd55d90000 end_va = 0x1cd55d9ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 574 start_va = 0x1cd55da0000 end_va = 0x1cd55daffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001cd55da0000" filename = "" Region: id = 575 start_va = 0x1cd55db0000 end_va = 0x1cd55dbffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 576 start_va = 0x1cd55dd0000 end_va = 0x1cd55ddffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 577 start_va = 0x1cd55de0000 end_va = 0x1cd55deffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 578 start_va = 0x1cd55df0000 end_va = 0x1cd55dfffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 579 start_va = 0x1cd55e00000 end_va = 0x1cd55e0ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 580 start_va = 0x1cd55e10000 end_va = 0x1cd55e1ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 581 start_va = 0x1cd55e20000 end_va = 0x1cd55e2ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 582 start_va = 0x1cd55e30000 end_va = 0x1cd55e3ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 583 start_va = 0x1cd55e40000 end_va = 0x1cd55e4ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 584 start_va = 0x1cd55e50000 end_va = 0x1cd55e5ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 585 start_va = 0x1cd55e60000 end_va = 0x1cd55e6ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 586 start_va = 0x1cd55e70000 end_va = 0x1cd55e7ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 587 start_va = 0x1cd55e80000 end_va = 0x1cd55e8ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 588 start_va = 0x1cd55e90000 end_va = 0x1cd55e9ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 589 start_va = 0x1cd55ec0000 end_va = 0x1cd55ec7fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001cd55ec0000" filename = "" Region: id = 590 start_va = 0x1cd55ed0000 end_va = 0x1cd55edffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 591 start_va = 0x1cd55ee0000 end_va = 0x1cd55eeffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 592 start_va = 0x7df5ffba0000 end_va = 0x7ff5ffb9ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df5ffba0000" filename = "" Region: id = 593 start_va = 0x7ff793e80000 end_va = 0x7ff793f7ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007ff793e80000" filename = "" Region: id = 594 start_va = 0x7ff793f80000 end_va = 0x7ff793fa2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007ff793f80000" filename = "" Region: id = 595 start_va = 0x7ff794540000 end_va = 0x7ff794546fff monitored = 0 entry_point = 0x7ff794541570 region_type = mapped_file name = "dllhost.exe" filename = "\\Windows\\System32\\dllhost.exe" (normalized: "c:\\windows\\system32\\dllhost.exe") Region: id = 596 start_va = 0x7fffdcd30000 end_va = 0x7fffdcd44fff monitored = 0 entry_point = 0x7fffdcd35740 region_type = mapped_file name = "profext.dll" filename = "\\Windows\\System32\\profext.dll" (normalized: "c:\\windows\\system32\\profext.dll") Region: id = 597 start_va = 0x7fffdcd60000 end_va = 0x7fffdcfedfff monitored = 0 entry_point = 0x7fffdce30f00 region_type = mapped_file name = "wininet.dll" filename = "\\Windows\\System32\\wininet.dll" (normalized: "c:\\windows\\system32\\wininet.dll") Region: id = 598 start_va = 0x7fffe0b20000 end_va = 0x7fffe0e18fff monitored = 0 entry_point = 0x7fffe0be7280 region_type = mapped_file name = "esent.dll" filename = "\\Windows\\System32\\esent.dll" (normalized: "c:\\windows\\system32\\esent.dll") Region: id = 599 start_va = 0x7fffe6fe0000 end_va = 0x7fffe7361fff monitored = 0 entry_point = 0x7fffe7031220 region_type = mapped_file name = "iertutil.dll" filename = "\\Windows\\System32\\iertutil.dll" (normalized: "c:\\windows\\system32\\iertutil.dll") Region: id = 600 start_va = 0x7fffeb740000 end_va = 0x7fffeb7d5fff monitored = 0 entry_point = 0x7fffeb765570 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\System32\\uxtheme.dll" (normalized: "c:\\windows\\system32\\uxtheme.dll") Region: id = 601 start_va = 0x7fffec2b0000 end_va = 0x7fffec2e0fff monitored = 0 entry_point = 0x7fffec2b7d10 region_type = mapped_file name = "ntmarta.dll" filename = "\\Windows\\System32\\ntmarta.dll" (normalized: "c:\\windows\\system32\\ntmarta.dll") Region: id = 602 start_va = 0x7fffec520000 end_va = 0x7fffec53efff monitored = 0 entry_point = 0x7fffec525d30 region_type = mapped_file name = "userenv.dll" filename = "\\Windows\\System32\\userenv.dll" (normalized: "c:\\windows\\system32\\userenv.dll") Region: id = 603 start_va = 0x7fffec860000 end_va = 0x7fffec86afff monitored = 0 entry_point = 0x7fffec8619a0 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll") Region: id = 604 start_va = 0x7fffecc50000 end_va = 0x7fffecc78fff monitored = 0 entry_point = 0x7fffecc64530 region_type = mapped_file name = "bcrypt.dll" filename = "\\Windows\\System32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll") Region: id = 605 start_va = 0x7fffecdc0000 end_va = 0x7fffecdd3fff monitored = 0 entry_point = 0x7fffecdc52e0 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll") Region: id = 606 start_va = 0x7fffecde0000 end_va = 0x7fffece2afff monitored = 0 entry_point = 0x7fffecde35f0 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\System32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll") Region: id = 607 start_va = 0x7fffece40000 end_va = 0x7fffece4efff monitored = 0 entry_point = 0x7fffece43210 region_type = mapped_file name = "kernel.appcore.dll" filename = "\\Windows\\System32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll") Region: id = 608 start_va = 0x7fffece50000 end_va = 0x7fffed037fff monitored = 0 entry_point = 0x7fffece7ba70 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 609 start_va = 0x7fffed0f0000 end_va = 0x7fffed733fff monitored = 0 entry_point = 0x7fffed2b64b0 region_type = mapped_file name = "windows.storage.dll" filename = "\\Windows\\System32\\windows.storage.dll" (normalized: "c:\\windows\\system32\\windows.storage.dll") Region: id = 610 start_va = 0x7fffed740000 end_va = 0x7fffed7a9fff monitored = 0 entry_point = 0x7fffed776d50 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\System32\\bcryptprimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll") Region: id = 611 start_va = 0x7fffed810000 end_va = 0x7fffed8c4fff monitored = 0 entry_point = 0x7fffed8522e0 region_type = mapped_file name = "shcore.dll" filename = "\\Windows\\System32\\SHCore.dll" (normalized: "c:\\windows\\system32\\shcore.dll") Region: id = 612 start_va = 0x7fffed8f0000 end_va = 0x7fffed932fff monitored = 0 entry_point = 0x7fffed904b50 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\System32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll") Region: id = 613 start_va = 0x7fffedba0000 end_va = 0x7fffedbfafff monitored = 0 entry_point = 0x7fffedbb38b0 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 614 start_va = 0x7fffedd80000 end_va = 0x7fffede26fff monitored = 0 entry_point = 0x7fffedd958d0 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 615 start_va = 0x7fffede30000 end_va = 0x7fffeded6fff monitored = 0 entry_point = 0x7fffede3b4d0 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll") Region: id = 616 start_va = 0x7fffedee0000 end_va = 0x7fffedf31fff monitored = 0 entry_point = 0x7fffedeef530 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 617 start_va = 0x7fffedf50000 end_va = 0x7fffedf8afff monitored = 0 entry_point = 0x7fffedf512f0 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 618 start_va = 0x7fffee060000 end_va = 0x7fffef5befff monitored = 0 entry_point = 0x7fffee1c11f0 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll") Region: id = 619 start_va = 0x7fffef9f0000 end_va = 0x7fffefc6cfff monitored = 0 entry_point = 0x7fffefac4970 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\System32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll") Region: id = 620 start_va = 0x7fffefd90000 end_va = 0x7fffefeabfff monitored = 0 entry_point = 0x7fffefdd02b0 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 621 start_va = 0x7fffefeb0000 end_va = 0x7fffeff5cfff monitored = 0 entry_point = 0x7fffefec81a0 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 622 start_va = 0x7fffeff60000 end_va = 0x7ffff00b5fff monitored = 0 entry_point = 0x7fffeff6a8d0 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 623 start_va = 0x7ffff00c0000 end_va = 0x7ffff0180fff monitored = 0 entry_point = 0x7ffff00e0da0 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 624 start_va = 0x7ffff0340000 end_va = 0x7ffff04c5fff monitored = 0 entry_point = 0x7ffff038ffc0 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 625 start_va = 0x7ffff0700000 end_va = 0x7ffff079cfff monitored = 0 entry_point = 0x7ffff07078a0 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 626 start_va = 0x7ffff07a0000 end_va = 0x7ffff0960fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 641 start_va = 0x1cd55ae0000 end_va = 0x1cd55ae0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001cd55ae0000" filename = "" Region: id = 642 start_va = 0x1cd55ae0000 end_va = 0x1cd55aeffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 643 start_va = 0x1cd55c10000 end_va = 0x1cd55c17fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001cd55c10000" filename = "" Region: id = 644 start_va = 0x1cd55dc0000 end_va = 0x1cd55dcffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 645 start_va = 0x1cd55ea0000 end_va = 0x1cd55ea7fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001cd55ea0000" filename = "" Region: id = 646 start_va = 0x1cd55eb0000 end_va = 0x1cd55eb7fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001cd55eb0000" filename = "" Region: id = 647 start_va = 0x1cd55ef0000 end_va = 0x1cd55ef0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001cd55ef0000" filename = "" Region: id = 648 start_va = 0x1cd55ef0000 end_va = 0x1cd55ef0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001cd55ef0000" filename = "" Region: id = 649 start_va = 0x1cd55ef0000 end_va = 0x1cd55ef0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001cd55ef0000" filename = "" Region: id = 650 start_va = 0x1cd55ef0000 end_va = 0x1cd55ef7fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001cd55ef0000" filename = "" Region: id = 651 start_va = 0x1cd55ef0000 end_va = 0x1cd55ef7fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001cd55ef0000" filename = "" Region: id = 652 start_va = 0x1cd55f00000 end_va = 0x1cd55f07fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001cd55f00000" filename = "" Region: id = 653 start_va = 0x1cd55f10000 end_va = 0x1cd55f17fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001cd55f10000" filename = "" Region: id = 654 start_va = 0x1cd55f20000 end_va = 0x1cd55f27fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001cd55f20000" filename = "" Region: id = 655 start_va = 0x1cd55f30000 end_va = 0x1cd55f37fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001cd55f30000" filename = "" Region: id = 656 start_va = 0x1cd55f40000 end_va = 0x1cd55f47fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001cd55f40000" filename = "" Region: id = 657 start_va = 0x1cd55f50000 end_va = 0x1cd55f57fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001cd55f50000" filename = "" Region: id = 658 start_va = 0x1cd55f60000 end_va = 0x1cd55f67fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001cd55f60000" filename = "" Region: id = 659 start_va = 0x1cd55f70000 end_va = 0x1cd55f77fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001cd55f70000" filename = "" Region: id = 660 start_va = 0x1cd55f80000 end_va = 0x1cd55f87fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001cd55f80000" filename = "" Region: id = 661 start_va = 0x1cd55f90000 end_va = 0x1cd55f97fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001cd55f90000" filename = "" Region: id = 662 start_va = 0x1cd55fa0000 end_va = 0x1cd55fa7fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001cd55fa0000" filename = "" Region: id = 663 start_va = 0x1cd55fb0000 end_va = 0x1cd55fb7fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001cd55fb0000" filename = "" Region: id = 664 start_va = 0x1cd55fc0000 end_va = 0x1cd55fc7fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001cd55fc0000" filename = "" Region: id = 665 start_va = 0x1cd55fd0000 end_va = 0x1cd55fd7fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001cd55fd0000" filename = "" Region: id = 666 start_va = 0x1cd55fe0000 end_va = 0x1cd55fe7fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001cd55fe0000" filename = "" Region: id = 667 start_va = 0x1cd55ff0000 end_va = 0x1cd55ff7fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001cd55ff0000" filename = "" Region: id = 668 start_va = 0x1cd56000000 end_va = 0x1cd5600ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 669 start_va = 0x1cd55c10000 end_va = 0x1cd55c1ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 670 start_va = 0x1cd55eb0000 end_va = 0x1cd55ebffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 671 start_va = 0x1cd55ef0000 end_va = 0x1cd55efffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 672 start_va = 0x1cd55f00000 end_va = 0x1cd55f0ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 673 start_va = 0x1cd55f10000 end_va = 0x1cd55f1ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 674 start_va = 0x1cd55f20000 end_va = 0x1cd55f2ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 675 start_va = 0x1cd55f30000 end_va = 0x1cd55f3ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 676 start_va = 0x1cd55f40000 end_va = 0x1cd55f4ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 677 start_va = 0x1cd55f50000 end_va = 0x1cd55f5ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 678 start_va = 0x1cd55f60000 end_va = 0x1cd55f6ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 679 start_va = 0x1cd55f70000 end_va = 0x1cd55f7ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 680 start_va = 0x1cd55f80000 end_va = 0x1cd55f8ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 681 start_va = 0x1cd55ea0000 end_va = 0x1cd55eaffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 682 start_va = 0x1cd55f90000 end_va = 0x1cd55f9ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 683 start_va = 0x1cd55fa0000 end_va = 0x1cd55faffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 684 start_va = 0x1cd55fb0000 end_va = 0x1cd55fbffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 685 start_va = 0x1cd55fc0000 end_va = 0x1cd55fcffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 686 start_va = 0x1cd55fd0000 end_va = 0x1cd55fdffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 687 start_va = 0x1cd55fe0000 end_va = 0x1cd55feffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 688 start_va = 0x1cd55ff0000 end_va = 0x1cd55ff0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001cd55ff0000" filename = "" Region: id = 689 start_va = 0x1cd55ff0000 end_va = 0x1cd55ff0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001cd55ff0000" filename = "" Region: id = 690 start_va = 0x1cd56010000 end_va = 0x1cd56017fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001cd56010000" filename = "" Region: id = 691 start_va = 0x1cd55ff0000 end_va = 0x1cd55ff0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001cd55ff0000" filename = "" Region: id = 692 start_va = 0x1cd55ff0000 end_va = 0x1cd55ff0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001cd55ff0000" filename = "" Region: id = 693 start_va = 0x1cd55ff0000 end_va = 0x1cd55ff0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001cd55ff0000" filename = "" Region: id = 694 start_va = 0x1cd55ff0000 end_va = 0x1cd55ff7fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001cd55ff0000" filename = "" Region: id = 695 start_va = 0x1cd55ff0000 end_va = 0x1cd55ff7fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001cd55ff0000" filename = "" Region: id = 696 start_va = 0x1cd56010000 end_va = 0x1cd56017fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001cd56010000" filename = "" Region: id = 697 start_va = 0x1cd56020000 end_va = 0x1cd56027fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001cd56020000" filename = "" Region: id = 698 start_va = 0x1cd56030000 end_va = 0x1cd56037fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001cd56030000" filename = "" Region: id = 699 start_va = 0x1cd56040000 end_va = 0x1cd56047fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001cd56040000" filename = "" Region: id = 700 start_va = 0x1cd56050000 end_va = 0x1cd56057fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001cd56050000" filename = "" Region: id = 701 start_va = 0x1cd56060000 end_va = 0x1cd56067fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001cd56060000" filename = "" Region: id = 702 start_va = 0x1cd56070000 end_va = 0x1cd56077fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001cd56070000" filename = "" Region: id = 703 start_va = 0x1cd56080000 end_va = 0x1cd56087fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001cd56080000" filename = "" Region: id = 704 start_va = 0x1cd56090000 end_va = 0x1cd56097fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001cd56090000" filename = "" Region: id = 705 start_va = 0x1cd560a0000 end_va = 0x1cd560a7fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001cd560a0000" filename = "" Region: id = 706 start_va = 0x1cd560b0000 end_va = 0x1cd560b7fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001cd560b0000" filename = "" Region: id = 707 start_va = 0x1cd560c0000 end_va = 0x1cd560c7fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001cd560c0000" filename = "" Region: id = 708 start_va = 0x1cd560d0000 end_va = 0x1cd560d7fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001cd560d0000" filename = "" Region: id = 709 start_va = 0x1cd560e0000 end_va = 0x1cd560e7fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001cd560e0000" filename = "" Region: id = 710 start_va = 0x1cd560f0000 end_va = 0x1cd560f0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001cd560f0000" filename = "" Region: id = 711 start_va = 0x1cd560f0000 end_va = 0x1cd560f0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001cd560f0000" filename = "" Region: id = 712 start_va = 0x1cd560f0000 end_va = 0x1cd560f7fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001cd560f0000" filename = "" Region: id = 713 start_va = 0x1cd560f0000 end_va = 0x1cd560f7fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001cd560f0000" filename = "" Region: id = 714 start_va = 0x1cd56100000 end_va = 0x1cd56107fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001cd56100000" filename = "" Region: id = 715 start_va = 0x1cd56110000 end_va = 0x1cd56117fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001cd56110000" filename = "" Region: id = 716 start_va = 0x1cd56120000 end_va = 0x1cd56127fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001cd56120000" filename = "" Region: id = 717 start_va = 0x1cd56130000 end_va = 0x1cd56137fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001cd56130000" filename = "" Region: id = 718 start_va = 0x1cd56140000 end_va = 0x1cd56147fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001cd56140000" filename = "" Region: id = 719 start_va = 0x1cd56150000 end_va = 0x1cd56157fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001cd56150000" filename = "" Region: id = 720 start_va = 0x1cd56160000 end_va = 0x1cd56167fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001cd56160000" filename = "" Region: id = 721 start_va = 0x1cd56170000 end_va = 0x1cd56177fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001cd56170000" filename = "" Region: id = 722 start_va = 0x1cd56180000 end_va = 0x1cd56187fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001cd56180000" filename = "" Region: id = 723 start_va = 0x1cd56190000 end_va = 0x1cd56197fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001cd56190000" filename = "" Region: id = 724 start_va = 0x1cd561a0000 end_va = 0x1cd561a7fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001cd561a0000" filename = "" Region: id = 725 start_va = 0x1cd561b0000 end_va = 0x1cd561b7fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001cd561b0000" filename = "" Region: id = 726 start_va = 0x1cd561c0000 end_va = 0x1cd561c7fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001cd561c0000" filename = "" Region: id = 727 start_va = 0x1cd561d0000 end_va = 0x1cd561d7fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001cd561d0000" filename = "" Region: id = 728 start_va = 0x1cd561e0000 end_va = 0x1cd561e0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001cd561e0000" filename = "" Region: id = 729 start_va = 0x1cd561e0000 end_va = 0x1cd561e0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001cd561e0000" filename = "" Region: id = 730 start_va = 0x1cd561e0000 end_va = 0x1cd561e7fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001cd561e0000" filename = "" Region: id = 731 start_va = 0x1cd561e0000 end_va = 0x1cd561e7fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001cd561e0000" filename = "" Region: id = 732 start_va = 0x1cd561f0000 end_va = 0x1cd561f7fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001cd561f0000" filename = "" Region: id = 733 start_va = 0x1cd56200000 end_va = 0x1cd56207fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001cd56200000" filename = "" Region: id = 734 start_va = 0x1cd56210000 end_va = 0x1cd56217fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001cd56210000" filename = "" Region: id = 735 start_va = 0x1cd56220000 end_va = 0x1cd56227fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001cd56220000" filename = "" Region: id = 736 start_va = 0x1cd56230000 end_va = 0x1cd56237fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001cd56230000" filename = "" Region: id = 737 start_va = 0x1cd56240000 end_va = 0x1cd56247fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001cd56240000" filename = "" Region: id = 738 start_va = 0x1cd56250000 end_va = 0x1cd56257fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001cd56250000" filename = "" Region: id = 739 start_va = 0x1cd56260000 end_va = 0x1cd56267fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001cd56260000" filename = "" Region: id = 740 start_va = 0x1cd56270000 end_va = 0x1cd56277fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001cd56270000" filename = "" Region: id = 741 start_va = 0x1cd56280000 end_va = 0x1cd56287fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001cd56280000" filename = "" Region: id = 742 start_va = 0x1cd56290000 end_va = 0x1cd56297fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001cd56290000" filename = "" Region: id = 743 start_va = 0x1cd562a0000 end_va = 0x1cd562a7fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001cd562a0000" filename = "" Region: id = 744 start_va = 0x1cd562b0000 end_va = 0x1cd562b7fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001cd562b0000" filename = "" Region: id = 745 start_va = 0x1cd562c0000 end_va = 0x1cd562c0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001cd562c0000" filename = "" Region: id = 746 start_va = 0x1cd562c0000 end_va = 0x1cd562c0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001cd562c0000" filename = "" Region: id = 747 start_va = 0x1cd562c0000 end_va = 0x1cd562c7fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001cd562c0000" filename = "" Region: id = 748 start_va = 0x1cd562c0000 end_va = 0x1cd562c7fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001cd562c0000" filename = "" Region: id = 749 start_va = 0x1cd562d0000 end_va = 0x1cd562d7fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001cd562d0000" filename = "" Region: id = 750 start_va = 0x1cd562e0000 end_va = 0x1cd562e7fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001cd562e0000" filename = "" Region: id = 751 start_va = 0x1cd562f0000 end_va = 0x1cd562f7fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001cd562f0000" filename = "" Region: id = 752 start_va = 0x1cd56300000 end_va = 0x1cd56307fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001cd56300000" filename = "" Region: id = 753 start_va = 0x1cd56310000 end_va = 0x1cd56317fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001cd56310000" filename = "" Region: id = 754 start_va = 0x1cd56320000 end_va = 0x1cd56327fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001cd56320000" filename = "" Region: id = 755 start_va = 0x1cd56330000 end_va = 0x1cd56337fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001cd56330000" filename = "" Region: id = 756 start_va = 0x1cd56340000 end_va = 0x1cd56347fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001cd56340000" filename = "" Region: id = 757 start_va = 0x1cd56350000 end_va = 0x1cd56357fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001cd56350000" filename = "" Region: id = 758 start_va = 0x1cd56360000 end_va = 0x1cd56360fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001cd56360000" filename = "" Region: id = 759 start_va = 0x1cd56360000 end_va = 0x1cd56360fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001cd56360000" filename = "" Region: id = 760 start_va = 0x1cd56360000 end_va = 0x1cd56367fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001cd56360000" filename = "" Region: id = 761 start_va = 0x1cd56360000 end_va = 0x1cd56367fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001cd56360000" filename = "" Region: id = 762 start_va = 0x1cd56370000 end_va = 0x1cd56377fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001cd56370000" filename = "" Region: id = 763 start_va = 0x1cd56380000 end_va = 0x1cd56387fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001cd56380000" filename = "" Region: id = 764 start_va = 0x1cd56390000 end_va = 0x1cd56395fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001cd56390000" filename = "" Region: id = 765 start_va = 0x1cd563a0000 end_va = 0x1cd563a7fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001cd563a0000" filename = "" Region: id = 766 start_va = 0x1cd56390000 end_va = 0x1cd5639ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001cd56390000" filename = "" Region: id = 767 start_va = 0x1cd563b0000 end_va = 0x1cd563bffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 768 start_va = 0x1cd563c0000 end_va = 0x1cd563cffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 769 start_va = 0x1cd563d0000 end_va = 0x1cd563dffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 770 start_va = 0x1cd563e0000 end_va = 0x1cd563effff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 771 start_va = 0x1cd55ff0000 end_va = 0x1cd55ffffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 772 start_va = 0x1cd56010000 end_va = 0x1cd5601ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 773 start_va = 0x1cd56020000 end_va = 0x1cd5602ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 774 start_va = 0x1cd56030000 end_va = 0x1cd5603ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 775 start_va = 0x1cd56040000 end_va = 0x1cd5604ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 776 start_va = 0x1cd56050000 end_va = 0x1cd5605ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 777 start_va = 0x1cd56060000 end_va = 0x1cd5606ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 778 start_va = 0x1cd56070000 end_va = 0x1cd5607ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 779 start_va = 0x1cd56080000 end_va = 0x1cd5608ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 780 start_va = 0x1cd56090000 end_va = 0x1cd5609ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 781 start_va = 0x1cd560a0000 end_va = 0x1cd560affff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 782 start_va = 0x1cd560b0000 end_va = 0x1cd560bffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 783 start_va = 0x1cd560c0000 end_va = 0x1cd560cffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 784 start_va = 0x1cd560d0000 end_va = 0x1cd560dffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 785 start_va = 0x1cd560e0000 end_va = 0x1cd560effff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 786 start_va = 0x1cd560f0000 end_va = 0x1cd560fffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 787 start_va = 0x1cd56140000 end_va = 0x1cd5614ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 788 start_va = 0x1cd56100000 end_va = 0x1cd5610ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 789 start_va = 0x1cd56110000 end_va = 0x1cd5611ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 790 start_va = 0x1cd56120000 end_va = 0x1cd5612ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 791 start_va = 0x1cd56130000 end_va = 0x1cd5613ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 792 start_va = 0x1cd56150000 end_va = 0x1cd5615ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 793 start_va = 0x1cd56160000 end_va = 0x1cd5616ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 794 start_va = 0x1cd56170000 end_va = 0x1cd5617ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 795 start_va = 0x1cd56180000 end_va = 0x1cd5618ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 796 start_va = 0x1cd56190000 end_va = 0x1cd5619ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 797 start_va = 0x1cd561a0000 end_va = 0x1cd561affff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 798 start_va = 0x1cd561b0000 end_va = 0x1cd561bffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 799 start_va = 0x1cd561c0000 end_va = 0x1cd561cffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 800 start_va = 0x1cd561d0000 end_va = 0x1cd561dffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 801 start_va = 0x1cd561e0000 end_va = 0x1cd561effff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 802 start_va = 0x1cd561f0000 end_va = 0x1cd561fffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 803 start_va = 0x1cd56200000 end_va = 0x1cd5620ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 804 start_va = 0x1cd56210000 end_va = 0x1cd5621ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 805 start_va = 0x1cd56220000 end_va = 0x1cd5622ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 806 start_va = 0x1cd56230000 end_va = 0x1cd5623ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 807 start_va = 0x1cd56240000 end_va = 0x1cd5624ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 808 start_va = 0x1cd56250000 end_va = 0x1cd5625ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 809 start_va = 0x1cd56260000 end_va = 0x1cd5626ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 810 start_va = 0x1cd56270000 end_va = 0x1cd5627ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 811 start_va = 0x1cd56280000 end_va = 0x1cd5628ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 812 start_va = 0x1cd56290000 end_va = 0x1cd5629ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 813 start_va = 0x1cd562a0000 end_va = 0x1cd562affff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 814 start_va = 0x1cd562b0000 end_va = 0x1cd562bffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 815 start_va = 0x1cd562d0000 end_va = 0x1cd562dffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 816 start_va = 0x1cd562e0000 end_va = 0x1cd562effff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 817 start_va = 0x1cd562f0000 end_va = 0x1cd562fffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 818 start_va = 0x1cd56300000 end_va = 0x1cd5630ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 819 start_va = 0x1cd56310000 end_va = 0x1cd5631ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 820 start_va = 0x1cd56320000 end_va = 0x1cd5632ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 821 start_va = 0x1cd56330000 end_va = 0x1cd5633ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 822 start_va = 0x1cd56340000 end_va = 0x1cd5634ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 823 start_va = 0x1cd56350000 end_va = 0x1cd5635ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 824 start_va = 0x1cd562c0000 end_va = 0x1cd562cffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 825 start_va = 0x1cd563a0000 end_va = 0x1cd563affff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 826 start_va = 0x1cd56360000 end_va = 0x1cd5636ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 827 start_va = 0x1cd56370000 end_va = 0x1cd5637ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 828 start_va = 0x1cd56380000 end_va = 0x1cd5638ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 829 start_va = 0x1cd563f0000 end_va = 0x1cd563fffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 830 start_va = 0x1cd56400000 end_va = 0x1cd56400fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001cd56400000" filename = "" Region: id = 831 start_va = 0x1cd563b0000 end_va = 0x1cd563b0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001cd563b0000" filename = "" Region: id = 832 start_va = 0x1cd563c0000 end_va = 0x1cd563c7fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001cd563c0000" filename = "" Region: id = 833 start_va = 0x1cd56380000 end_va = 0x1cd56380fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001cd56380000" filename = "" Thread: id = 15 os_tid = 0x71c Thread: id = 16 os_tid = 0x9dc Thread: id = 17 os_tid = 0x9d4 Thread: id = 18 os_tid = 0x9b8 Thread: id = 19 os_tid = 0x9ac Thread: id = 20 os_tid = 0x9a0